vulnerability
CentOS Linux: CVE-2019-20477: Moderate: python38:3.8 security, bug fix, and enhancement update (CESA-2020:4641)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 19, 2020 | Nov 5, 2020 | May 25, 2023 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 19, 2020
Added
Nov 5, 2020
Modified
May 25, 2023
Description
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Solution(s)
centos-upgrade-cython-debugsourcecentos-upgrade-numpy-debugsourcecentos-upgrade-python-cffi-debugsourcecentos-upgrade-python-cryptography-debugsourcecentos-upgrade-python-lxml-debugsourcecentos-upgrade-python-markupsafe-debugsourcecentos-upgrade-python-psutil-debugsourcecentos-upgrade-python-psycopg2-debugsourcecentos-upgrade-python38centos-upgrade-python38-asn1cryptocentos-upgrade-python38-babelcentos-upgrade-python38-cfficentos-upgrade-python38-cffi-debuginfocentos-upgrade-python38-chardetcentos-upgrade-python38-cryptographycentos-upgrade-python38-cryptography-debuginfocentos-upgrade-python38-cythoncentos-upgrade-python38-cython-debuginfocentos-upgrade-python38-debugcentos-upgrade-python38-debuginfocentos-upgrade-python38-debugsourcecentos-upgrade-python38-develcentos-upgrade-python38-idlecentos-upgrade-python38-idnacentos-upgrade-python38-jinja2centos-upgrade-python38-libscentos-upgrade-python38-lxmlcentos-upgrade-python38-lxml-debuginfocentos-upgrade-python38-markupsafecentos-upgrade-python38-markupsafe-debuginfocentos-upgrade-python38-mod_wsgicentos-upgrade-python38-numpycentos-upgrade-python38-numpy-debuginfocentos-upgrade-python38-numpy-doccentos-upgrade-python38-numpy-f2pycentos-upgrade-python38-pipcentos-upgrade-python38-pip-wheelcentos-upgrade-python38-plycentos-upgrade-python38-psutilcentos-upgrade-python38-psutil-debuginfocentos-upgrade-python38-psycopg2centos-upgrade-python38-psycopg2-debuginfocentos-upgrade-python38-psycopg2-doccentos-upgrade-python38-psycopg2-testscentos-upgrade-python38-pycparsercentos-upgrade-python38-pymysqlcentos-upgrade-python38-pysockscentos-upgrade-python38-pytzcentos-upgrade-python38-pyyamlcentos-upgrade-python38-pyyaml-debuginfocentos-upgrade-python38-requestscentos-upgrade-python38-rpm-macroscentos-upgrade-python38-scipycentos-upgrade-python38-scipy-debuginfocentos-upgrade-python38-setuptoolscentos-upgrade-python38-setuptools-wheelcentos-upgrade-python38-sixcentos-upgrade-python38-testcentos-upgrade-python38-tkintercentos-upgrade-python38-urllib3centos-upgrade-python38-wheelcentos-upgrade-python38-wheel-wheelcentos-upgrade-pyyaml-debugsourcecentos-upgrade-scipy-debugsource
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.