Security Vulnerability in PyYAML-3.x: upgrade needed
Bug #1839398 reported by Mario Luan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
oslo.config | Fix Released | Medium | Unassigned |
Bug Description
PyYAML-3.x has an "Improper Input Validation" security vulnerability [1].
This dependency should be upgraded to at least 5.x in order to resolve this issue.
CVE References
Changed in ossa:
status: New → Won't Fix
information type: Public Security → Public
tags: added: security
Changed in oslo.config:
status: Triaged → Fix Released
Converting to public as I've pushed a patch for this in https://review.opendev.org/c/openstack/oslo.config/+/776481
Also, it's not really a vulnerability in oslo.config itself, so it's probably just as well that our users be able to see that they should use a newer PyYAML.