suse · CVE-2017-18342

Quick triage

Priority: high Published: 2021-05-30 14:05:44 UTC Updated: 2026-04-17 15:47:16 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2017-18342 severity important: SUSE including 303 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 388 product×package rows across 69 product lines (HPE Helion OpenStack 8, Image SLES12-SP5-Azure-BYOS, … (69 product lines)): Known Affected 181, Fixed 147, Known Not Affected 60.

Description:

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

cvelogic Threat Intelligence