CVE-2020-14343 — CRITICAL (9.8)

Q: How severe is CVE-2020-14343?

CVE-2020-14343 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2020-14343?

Check the references section above for vendor advisories and patch information. Affected products include: Pyyaml Pyyaml, Oracle Communications Cloud Native Core Network Function Cloud Native Environment.

Vulnerability Description

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pyyaml	Pyyaml	>= 5.1, < 5.4
Oracle	Communications Cloud Native Core Network Function Cloud Native Environment	1.10.0

Related Weaknesses (CWE)

CWE-20

References

https://bugzilla.redhat.com/show_bug.cgi?id=1860466Issue TrackingThird Party Advisory
https://github.com/SeldonIO/seldon-core/issues/2252
https://github.com/yaml/pyyaml/issues/420
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1860466Issue TrackingThird Party Advisory
https://github.com/SeldonIO/seldon-core/issues/2252
https://github.com/yaml/pyyaml/issues/420
https://www.oracle.com/security-alerts/cpuapr2022.htmlPatchThird Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.htmlPatchThird Party Advisory

FAQ

What is CVE-2020-14343?

CVE-2020-14343 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or ...

How severe is CVE-2020-14343?

CVE-2020-14343 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-14343?

Check the references section above for vendor advisories and patch information. Affected products include: Pyyaml Pyyaml, Oracle Communications Cloud Native Core Network Function Cloud Native Environment.