Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Problem-based-packs
- Python
- Airflow
- Attr
- Aws-lambda
- Bokeh
- Boto3
- Cassandra
- Click
- Correctness
- Couchbase
- Cryptography
- Distributed
- Django
- Docker
- Elasticsearch
- Fastapi
- Flask
- Jinja2
- Jwt
- Lang
- Best practice
- Code
- Compatibility
- Correctness
- Correctness
- Deserialization
- Tainted-dill
- Tainted-json
- Tainted-jsonpickle
- Tainted-marshal
- Tainted-numpy-pickle
- Tainted-pandas-hdf
- Tainted-pandas-pickle
- Tainted-pickle
- Tainted-pyyaml
- Tainted-ruamel
- Tainted-shelve
- Tainted-torch-pickle
- File
- Hardcoded
- Maintainability
- Os
- Security
- Security
- Ldap3
- Mariadb
- Mysql
- Mysqlclient
- Neo4j
- Openai
- Peewee
- Pg8000
- Psycopg2
- Pycryptodome
- Pyjwt
- Pymongo
- Pymssql
- Pymysql
- Pyramid
- Redis
- Requests
- Sh
- Sqlalchemy
- Tormysql
- Urllib3
- Webrepl
- Wtforms
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Tainted-pyyaml
Tainted pyyaml
The application may convert user-controlled data into an object, which can lead to an insecure deserialization vulnerability. An attacker can create a malicious serialized object, pass it to the application, and take advantage of the deserialization process to perform Denial-of-service (DoS), Remote code execution (RCE), or bypass access control measures. PyYAML’s yaml module is as powerful as pickle and so may call auny Python function. It is recommended to secure your application by using yaml.SafeLoader or yaml.CSafeLoader.
Likelihood: MEDIUM
Confidence: HIGH
CWE:
- CWE-502: Deserialization of Untrusted Data
OWASP:
- A08:2017 - Insecure Deserialization
- A08:2021 - Software and Data Integrity Failures