CVE-2011-4103

NameCVE-2011-4103
Descriptionemitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2344-1
Debian Bugs647315

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python-django-pistonsourcesqueeze0.2.2-1+squeeze1DSA-2344-1
python-django-pistonsource(unstable)0.2.2-2high647315

Search for package or bug name: Reporting problems