Safety vulnerability ID: 41377
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Python-Coveralls 2.9.3 includes a security patch for the function 'parse_args' in 'coveralls/init.py'. It used the unsafe yaml.load(), that allows instantiation of arbitrary objects. Consider yaml.safe_load().
https://github.com/z4r/python-coveralls/commit/cb798698f3d6ef120e6d6ff87d4d4a0e239d8c85#diff-82a6c0a53e21b94154c2c4ec0c9c76370e6e9d4305c551b8e70c82add2030db1
Latest version: 2.9.3
Python interface to coveralls.io API
Python-Coveralls version 2.9.3 includes a security patch for the function 'parse_args' in 'coveralls/init.py'. Use of unsafe yaml load. Allows instantiation of arbitrary objects. Consider yaml.safe_load(). See also: https://github.com/z4r/python-coveralls/commit/cb798698f3d6ef120e6d6ff87d4d4a0e239d8c85#diff-82a6c0a53e21b94154c2c4ec0c9c76370e6e9d4305c551b8e70c82add2030db1
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application