python27:2.7/python2-pyyaml vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the python27:2.7/python2-pyyaml package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Cross-site Scripting (XSS)	<0:3.12-16.module_el8.6.0+3162+01a09e5a
M CVE-2023-43804	<0:3.12-16.module_el8.6.0+3162+01a09e5a
M XML External Entity (XXE) Injection	<0:3.12-16.module_el8.6.0+3162+01a09e5a
M Use After Free	<0:3.12-16.module_el8.6.0+3162+01a09e5a
M Inefficient Regular Expression Complexity	<0:3.12-16.module_el8.6.0+3162+01a09e5a
M Information Exposure	<0:3.12-16.module_el8.6.0+3162+01a09e5a
H CVE-2023-40217	<0:3.12-16.module_el8.6.0+3162+01a09e5a
H Improper Input Validation	<0:3.12-16.module_el8.6.0+3162+01a09e5a
M HTTP Request Smuggling	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Directory Traversal	<0:3.12-16.module_el8.6.0+2781+fed64c13
M CRLF Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M CRLF Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Deserialization of Untrusted Data	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Directory Traversal	<0:3.12-16.module_el8.6.0+2781+fed64c13
M CVE-2020-27619	<0:3.12-16.module_el8.6.0+2781+fed64c13
H CVE-2019-9636	<0:3.12-16.module_el8.6.0+2781+fed64c13
H SQL Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
H SQL Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Unchecked Return Value	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Resource Exhaustion	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Resource Exhaustion	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Arbitrary Code Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Resource Exhaustion	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Inefficient Regular Expression Complexity	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Loop with Unreachable Exit Condition ('Infinite Loop')	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Cross-site Scripting (XSS)	<0:3.12-16.module_el8.6.0+2781+fed64c13
M CVE-2019-16056	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Improper Certificate Validation	<0:3.12-16.module_el8.6.0+2781+fed64c13
M CRLF Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Improper Input Validation	<0:3.12-16.module_el8.6.0+2781+fed64c13
M CVE-2018-20060	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Arbitrary Code Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Insufficiently Protected Credentials	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Cross-site Scripting (XSS)	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Buffer Overflow	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Cross-site Scripting (XSS)	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Arbitrary Code Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Directory Traversal	<0:3.12-16.module_el8.6.0+2781+fed64c13
M CVE-2021-20095	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Arbitrary Code Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Arbitrary Command Injection	<0:3.12-16.module_el8.6.0+2781+fed64c13
M Algorithmic Complexity	<0:3.12-16.module_el8.6.0+2781+fed64c13

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)