{"id":"CVE-2017-18342","details":"In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.","aliases":["GHSA-rprw-h62v-c2w7","PYSEC-2018-49"],"modified":"2026-04-16T04:39:57.550498053Z","published":"2018-06-27T12:29:00.210Z","related":["SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","openSUSE-SU-2024:11108-1","openSUSE-SU-2024:11210-1","openSUSE-SU-2024:11247-1","openSUSE-SU-2024:14089-1","openSUSE-SU-2024:14152-1"],"references":[{"type":"WEB","url":"https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202003-45"},{"type":"ADVISORY","url":"https://github.com/yaml/pyyaml/blob/master/CHANGES"},{"type":"ADVISORY","url":"https://github.com/yaml/pyyaml/issues/193"},{"type":"ADVISORY","url":"https://github.com/marshmallow-code/apispec/issues/278"},{"type":"FIX","url":"https://github.com/yaml/pyyaml/pull/74"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/yaml/pyyaml","events":[{"introduced":"0"},{"fixed":"e471e86bf6dabdad45a1438c20a4a5c033eb9034"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.1"}]}}],"versions":["3.12","4.1","4.1-retracted"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-18342.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"28"}]},{"events":[{"introduced":"0"},{"last_affected":"29"}]},{"events":[{"introduced":"0"},{"last_affected":"30"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}