Workflow

PyPi: Yasha

PVE-2021-35004

Safety vulnerability ID: 35004

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 14, 2021 Updated at Dec 09, 2022

Advisory

yasha before 4.0 is parsing JSON without using the 'safe_load' function.

[This advisory has been limited. Please create a free account to view the full advisory.]

Affected package

yasha

Latest version: 5.0

A command-line tool to render Jinja templates

Affected versions

Fixed versions

Vulnerability changelog

----------- Major release, released 8 Oct 2017 - Reverted the change introduced in vers…

[This text has been limited. Please create a free account to view the full text.]

Resources