Page MenuHomePhabricator

Address unsafe yaml.load in PyYAML
Closed, ResolvedPublic


PyYAML has a yaml.load() function that provides arbitrary code execution before PyYAML v4.1 and is therefore deprecated - as of v5.1 - with a single file argument as described in

A minimum safe version should be provided and the necessary changes in the function call argument list must be upstreamed.

Event Timeline

matetothpal triaged this task as Low priority.Oct 21 2019, 7:05 AM
matetothpal created this task.
matetothpal closed this task as Resolved.Nov 15 2019, 10:28 AM

Change for this issue had been merged.