Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-14343
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PyYAML 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PyYAML是一款基于Python的YAML解析器和生成器。 PyYAML中存在输入验证错误漏洞,该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-PyYAML PyYAML 5.4 -
II. Public POCs for CVE-2020-14343
#POC DescriptionSource LinkShenlong Link
1Experimenting with the CVE-2020-14343 PyYAML vulnerabilityhttps://github.com/raul23/pyyaml-CVE-2020-14343POC Details
2A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package.https://github.com/j4k0m/loader-CVE-2020-14343POC Details
3CVE-2020-14343的payloadhttps://github.com/Kairo-one/CVE-2020-14343POC Details
4CVE-2020-14343的payloadhttps://github.com/Kairo-one/CVE-2020-14343-PyYAMLPOC Details
5Nonehttps://github.com/sijie52/yasa-cve-2020-14343POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2020-14343
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: PyYAML
Same vendor: n/a
Same weakness: CWE-20
V. Comments for CVE-2020-14343

No comments yet

Leave a comment