Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
change "yaml.load" to better "yaml.safe_load"
https://bugs.gentoo.org/659348 It is reported that in PyYAML before 4.1, usage of yaml.load() function on untrusted input could lead to arbitrary code execution. It is therefore recommended to use yaml.safe_load() instead. With 4.1, yaml.load() has been changed to call safe_load(). * Report: http://seclists.org/oss-sec/2018/q2/240 * Upstream change: yaml/pyyaml#74 * CVE: pending -- Gentoo Security Scout Vladimir Krstulja
- Loading branch information