vulnerability
Rocky Linux: CVE-2019-20477: python38-3.8 (RLSA-2020-4641)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Feb 19, 2020 | Mar 12, 2024 | Aug 13, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Feb 19, 2020
Added
Mar 12, 2024
Modified
Aug 13, 2025
Description
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Solutions
rocky-upgrade-cython-debugsourcerocky-upgrade-numpy-debugsourcerocky-upgrade-python-cffi-debugsourcerocky-upgrade-python-cryptography-debugsourcerocky-upgrade-python-markupsafe-debugsourcerocky-upgrade-python-psutil-debugsourcerocky-upgrade-python-psycopg2-debugsourcerocky-upgrade-python38-cffirocky-upgrade-python38-cffi-debuginforocky-upgrade-python38-cryptographyrocky-upgrade-python38-cryptography-debuginforocky-upgrade-python38-cythonrocky-upgrade-python38-cython-debuginforocky-upgrade-python38-markupsaferocky-upgrade-python38-markupsafe-debuginforocky-upgrade-python38-mod_wsgirocky-upgrade-python38-numpyrocky-upgrade-python38-numpy-debuginforocky-upgrade-python38-numpy-f2pyrocky-upgrade-python38-psutilrocky-upgrade-python38-psutil-debuginforocky-upgrade-python38-psycopg2rocky-upgrade-python38-psycopg2-debuginforocky-upgrade-python38-psycopg2-docrocky-upgrade-python38-psycopg2-testsrocky-upgrade-python38-pyyamlrocky-upgrade-python38-pyyaml-debuginforocky-upgrade-python38-scipyrocky-upgrade-python38-scipy-debuginforocky-upgrade-pyyaml-debugsourcerocky-upgrade-scipy-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.