CVE-2011-4103

EUVD-2014-0005
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
Affected Products (NVD)
VendorProductVersion
djangoprojectpiston
𝑥
≤ 0.2.2.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-django-piston
hardy
dne
lucid
dne
maverick
Fixed 0.2.2-1ubuntu0.2
released
natty
Fixed 0.2.2-1ubuntu1.11.04.1
released
oneiric
Fixed 0.2.2-1ubuntu1.11.10.1
released
Common Weakness Enumeration
References
http://www.debian.org/security/2011/dsa-2344
http://www.openwall.com/lists/oss-security/2011/11/01/10
https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/
https://bugzilla.redhat.com/show_bug.cgi?id=750658
https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/
http://www.debian.org/security/2011/dsa-2344
http://www.openwall.com/lists/oss-security/2011/11/01/10
https://bitbucket.org/jespern/django-piston/commits/91bdaec89543/
https://bugzilla.redhat.com/show_bug.cgi?id=750658
https://www.djangoproject.com/weblog/2011/nov/01/piston-and-tastypie-security-releases/