Tag
cve-2020-14343
Safeguard articles tagged "cve-2020-14343" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
PyYAML full_load unsafe deserialization arbitrary code execution (CVE-2020-14343)
CVE-2020-14343 shows PyYAML's full_load/FullLoader "safe" fix was incomplete, enabling arbitrary code execution. Here's the fix and how to detect exposure.
Dec 30, 20257 min read
Vulnerability Analysis
CVE-2020-14343: PyYAML arbitrary code execution via pytho...
CVE-2020-14343 lets attackers run arbitrary code via PyYAML's python/object/new tag, bypassing an earlier FullLoader fix. Versions, CVSS, and remediation inside.
Oct 6, 20257 min read