EIQ-2018-0010#

ID

EIQ-2018-0009

CVE

CVE 2017-18342

Description

Arbitrary Python code execution through the yaml.load function

Date

07 Jan 2019

Severity

0 - NONE

CVSSv3 score

9.8

Status

✅ All versions

Assessment

EclecticIQ Platform uses the pyyaml library, which facilitates the execution of arbitrary Python code through the yaml.load function.

Mitigation

EclecticIQ Platform was never affected.

Affected versions

None

Notes

EclecticIQ Platform always uses yaml.safe_load, which does not allow executing arbitrary Python code.