RSS   Vulnerabilities for 'Django piston'   RSS

2014-10-26
 
CVE-2011-4103

CWE-20
 

 
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

 

 >>> Vendor: Djangoproject 5 Products
Django
Django piston
Piston
Tastypie
Channels


Copyright 2024, cxsecurity.com

 

Back to Top