CVE-2011-4103

NameCVE-2011-4103
Descriptionemitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2344-1
NVD severityhigh (attack range: remote)
Debian Bugs647315

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
python-django-piston (PTS)buster, sid, jessie, stretch0.2.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-django-pistonsource(unstable)0.2.2-2high647315
python-django-pistonsourcesqueeze0.2.2-1+squeeze1highDSA-2344-1
Search for package or bug name: Reporting problems