CVE-2020-14343

Description

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Risk Information

Base Score: 9.8 MODERATE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 11.41

Associated Vulnerability

Vulnerability | OS Platform
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.58 | Windows
Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.59 | Windows
Vulnerabilities CVE-2020-14343 are fixed in Python-pyyaml 5.4 | Windows
YAML parser and emitter for Python (USN-4940-1) python-yaml_5.3.1-1ubuntu0.1_i386.deb | Linux
YAML parser and emitter for Python (USN-4940-1) python-yaml_5.3.1-1ubuntu0.1_amd64.deb | Linux
YAML parser and emitter for Python (USN-4940-1) python3-yaml_5.3.1-1ubuntu0.1_i386.deb | Linux
YAML parser and emitter for Python (USN-4940-1) python3-yaml_5.3.1-1ubuntu0.1_amd64.deb | Linux
YAML parser and emitter for Python (USN-4940-1) python3-yaml_5.3.1-2ubuntu0.1_i386.deb | Linux
YAML parser and emitter for Python (USN-4940-1) python3-yaml_5.3.1-2ubuntu0.1_amd64.deb | Linux
Python38 update (ELSA-2021-2583) python38-3.8.6-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-Cython update (ELSA-2021-2583) python38-Cython-0.29.14-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-PyMySQL update (ELSA-2021-2583) python38-PyMySQL-0.10.1-1.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-asn1crypto update (ELSA-2021-2583) python38-asn1crypto-1.2.0-3.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-babel update (ELSA-2021-2583) python38-babel-2.7.0-10.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-cffi update (ELSA-2021-2583) python38-cffi-1.13.2-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-chardet update (ELSA-2021-2583) python38-chardet-3.0.4-19.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-cryptography update (ELSA-2021-2583) python38-cryptography-2.8-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-debug update (ELSA-2021-2583) python38-debug-3.8.6-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-devel update (ELSA-2021-2583) python38-devel-3.8.6-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-idle update (ELSA-2021-2583) python38-idle-3.8.6-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-idna update (ELSA-2021-2583) python38-idna-2.8-6.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-jinja2 update (ELSA-2021-2583) python38-jinja2-2.10.3-4.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-libs update (ELSA-2021-2583) python38-libs-3.8.6-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-lxml update (ELSA-2021-2583) python38-lxml-4.4.1-5.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-markupsafe update (ELSA-2021-2583) python38-markupsafe-1.1.1-6.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-mod_wsgi update (ELSA-2021-2583) python38-mod_wsgi-4.6.8-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-numpy update (ELSA-2021-2583) python38-numpy-1.17.3-5.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-numpy-doc update (ELSA-2021-2583) python38-numpy-doc-1.17.3-5.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-numpy-f2py update (ELSA-2021-2583) python38-numpy-f2py-1.17.3-5.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-pip update (ELSA-2021-2583) python38-pip-19.3.1-1.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-pip-wheel update (ELSA-2021-2583) python38-pip-wheel-19.3.1-1.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-ply update (ELSA-2021-2583) python38-ply-3.11-10.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-psutil update (ELSA-2021-2583) python38-psutil-5.6.4-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-psycopg2 update (ELSA-2021-2583) python38-psycopg2-2.8.4-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-psycopg2-doc update (ELSA-2021-2583) python38-psycopg2-doc-2.8.4-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-psycopg2-tests update (ELSA-2021-2583) python38-psycopg2-tests-2.8.4-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-pycparser update (ELSA-2021-2583) python38-pycparser-2.19-3.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-pysocks update (ELSA-2021-2583) python38-pysocks-1.7.1-4.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-pytz update (ELSA-2021-2583) python38-pytz-2019.3-3.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-pyyaml update (ELSA-2021-2583) python38-pyyaml-5.4.1-1.module+el8.4.0+20219+c17d6bc1.x86_64.rpm | Linux
Python38-requests update (ELSA-2021-2583) python38-requests-2.22.0-9.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-rpm-macros update (ELSA-2021-2583) python38-rpm-macros-3.8.6-3.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-scipy update (ELSA-2021-2583) python38-scipy-1.3.1-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-setuptools update (ELSA-2021-2583) python38-setuptools-41.6.0-4.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-setuptools-wheel update (ELSA-2021-2583) python38-setuptools-wheel-41.6.0-4.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-six update (ELSA-2021-2583) python38-six-1.12.0-10.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-test update (ELSA-2021-2583) python38-test-3.8.6-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-tkinter update (ELSA-2021-2583) python38-tkinter-3.8.6-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux
Python38-urllib3 update (ELSA-2021-2583) python38-urllib3-1.25.7-4.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-wheel update (ELSA-2021-2583) python38-wheel-0.33.6-5.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
Python38-wheel-wheel update (ELSA-2021-2583) python38-wheel-wheel-0.33.6-5.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux
(RHSA-2021:2583) python38:3.8 and python38-devel:3.8 security update PyYAML-debugsource-5.4.1-1.module+el8.4.0+10706+5c295a3e.x86_64.rpm | Linux
(RHSA-2021:2583) python38:3.8 and python38-devel:3.8 security update python38-pyyaml-5.4.1-1.module+el8.4.0+10706+5c295a3e.x86_64.rpm | Linux
SUSE-SU-2021:2818-1 (SUSE Linux Enterprise Server 12-SP5) python-PyYAML-5.3.1-28.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2818-1 (SUSE Linux Enterprise Server 12-SP5) python-PyYAML-debuginfo-5.3.1-28.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2818-1 (SUSE Linux Enterprise Server 12-SP5) python-PyYAML-debugsource-5.3.1-28.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2818-1 (SUSE Linux Enterprise Server 12-SP5) python3-PyYAML-5.3.1-28.6.1.x86_64.rpm | Linux
SUSE-SU-2021:2818-1 (SUSE Linux Enterprise Server 12-SP5) python3-PyYAML-debuginfo-5.3.1-28.6.1.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-six-1.12.0-10.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python39-ply-3.11-10.module+el8.4.0+574+843c4898.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-cffi-1.13.2-3.module+el8.4.0+570+c2eaf144.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-idna-2.8-6.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-pytz-2019.3-3.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-Cython-0.29.14-4.module+el8.4.0+570+c2eaf144.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python39-chardet-3.0.4-19.module+el8.4.0+574+843c4898.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python39-pysocks-1.7.1-4.module+el8.4.0+574+843c4898.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-mod_wsgi-4.6.8-3.module+el8.4.0+570+c2eaf144.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-requests-2.22.0-9.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-pycparser-2.19-3.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-asn1crypto-1.2.0-3.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-markupsafe-1.1.1-6.module+el8.4.0+570+c2eaf144.x86_64.rpm | Linux
python38 update (TU-CESAS-0023) python38-3.8.17-2.module_el8+640+ebf3d03c.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-3.9.17-2.module_el8+639+3fcd10de.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-pip-20.2.4-8.module_el8+639+3fcd10de.noarch.rpm | Linux
python38 update (TU-CESAS-0023) python38-libs-3.8.17-2.module_el8+640+ebf3d03c.x86_64.rpm | Linux
python38 update (TU-CESAS-0023) python38-test-3.8.17-2.module_el8+640+ebf3d03c.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-idle-3.9.17-2.module_el8+639+3fcd10de.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-libs-3.9.17-2.module_el8+639+3fcd10de.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-test-3.9.17-2.module_el8+639+3fcd10de.x86_64.rpm | Linux
python38 update (TU-CESAS-0023) python38-debug-3.8.17-2.module_el8+640+ebf3d03c.x86_64.rpm | Linux
python38 update (TU-CESAS-0023) python38-devel-3.8.17-2.module_el8+640+ebf3d03c.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-devel-3.9.17-2.module_el8+639+3fcd10de.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-pyyaml-5.4.1-1.module_el8+639+3fcd10de.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-tkinter-3.9.17-2.module_el8+639+3fcd10de.x86_64.rpm | Linux
python39 update (TU-CESAS-0023) python39-urllib3-1.25.10-4.module_el8+639+3fcd10de.noarch.rpm | Linux
python39 update (TU-CESAS-0023) python39-pip-wheel-20.2.4-8.module_el8+639+3fcd10de.noarch.rpm | Linux
python38 update (TU-CESAS-0023) python38-rpm-macros-3.8.17-2.module_el8+640+ebf3d03c.noarch.rpm | Linux
python39 update (TU-CESAS-0023) python39-rpm-macros-3.9.17-2.module_el8+639+3fcd10de.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-scipy-1.3.1-4.module+el8.5.0+672+ab6eb015.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-pyyaml-5.4.1-1.module+el8.5.0+672+ab6eb015.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-pysocks-1.7.1-4.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-psycopg2-tests-2.8.4-4.module+el8.6.0+794+eba84017.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-psycopg2-doc-2.8.4-4.module+el8.6.0+794+eba84017.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-psycopg2-2.8.4-4.module+el8.6.0+794+eba84017.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-ply-3.11-10.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-cryptography-2.8-3.module+el8.5.0+672+ab6eb015.x86_64.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-chardet-3.0.4-19.module+el8.4.0+570+c2eaf144.noarch.rpm | Linux
python38:3.8 and python38-devel:3.8 security update (RLSA-2021:2583) python38-PyMySQL-0.10.1-1.module+el8.5.0+672+ab6eb015.noarch.rpm | Linux
Vulnerabilities CVE-2020-14343 are fixed in Python-pyyaml for linux 5.4 | Linux
Improper Input Validation Vulnerability (CVE-2020-14343) | NCM
