CVE-2011-4103

emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
Configurations

Configuration 1 (hide)

cpe:2.3:a:djangoproject:piston:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:31

Type Values Removed Values Added
References () http://www.debian.org/security/2011/dsa-2344 - () http://www.debian.org/security/2011/dsa-2344 -
References () http://www.openwall.com/lists/oss-security/2011/11/01/10 - () http://www.openwall.com/lists/oss-security/2011/11/01/10 -
References () https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/ - Patch () https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/ - Patch
References () https://bugzilla.redhat.com/show_bug.cgi?id=750658 - () https://bugzilla.redhat.com/show_bug.cgi?id=750658 -
References () https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/ - Vendor Advisory () https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/ - Vendor Advisory

Information

Published : 2014-10-27 01:55

Updated : 2024-11-21 01:31


NVD link : CVE-2011-4103

Mitre link : CVE-2011-4103

CVE.ORG link : CVE-2011-4103


JSON object : View

Products Affected

djangoproject

  • piston
CWE
CWE-20

Improper Input Validation