CVE-2020-1747
Description
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
3.07
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.0 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1 | Windows |
| Vulnerabilities CVE-2020-1747 are fixed in Python-pyyaml 5.3.1 | Windows |
| Vulnerabilities CVE-2020-1747,CVE-2025-50460 are fixed in Python-pyyaml 5.3.1 | Windows |
| Vulnerabilities CVE-2020-1747,CVE-2025-50460 are affected in Python-ms-swift 3.6.3 | Windows |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP5 ) python-PyYAML-5.1.2-26.12.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP5 ) python-PyYAML-debuginfo-5.1.2-26.12.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP5 ) python-PyYAML-debugsource-5.1.2-26.12.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP5 ) python3-PyYAML-5.1.2-26.12.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP5 ) python3-PyYAML-debuginfo-5.1.2-26.12.1.x86_64.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP4 ) python-PyYAML-5.1.2-26.12.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP4 ) python-PyYAML-debuginfo-5.1.2-26.12.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP4 ) python-PyYAML-debugsource-5.1.2-26.12.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP4 ) python3-PyYAML-5.1.2-26.12.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2020:1285-1(SUSE Linux Enterprise Server 12-SP4 ) python3-PyYAML-debuginfo-5.1.2-26.12.1.x86_64_SP4.rpm | Linux |
| Vulnerabilities CVE-2020-1747 are fixed in Python-pyyaml for linux 5.3.1 | Linux |
| Vulnerabilities CVE-2020-1747,CVE-2025-50460 are fixed in Python-pyyaml for linux 5.3.1 | Linux |
| Vulnerabilities CVE-2020-1747,CVE-2025-50460 are affected in Python-ms-swift for linux 3.6.3 | Linux |
| CVE-2020-1747 | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234