emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-10-27T01:00:00
Updated: 2024-08-07T00:01:49.946Z
Reserved: 2011-10-18T00:00:00
Link: CVE-2011-4103
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-10-27T01:55:23.280
Modified: 2024-11-21T01:31:51.107
Link: CVE-2011-4103
Redhat
No data.