CVE-2020-14343
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2020-14343
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PyYAML 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PyYAML是一款基于Python的YAML解析器和生成器。 PyYAML中存在输入验证错误漏洞,该漏洞源于网络系统或产品未对输入的数据进行正确的验证。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | PyYAML | PyYAML 5.4 | - |
II. Public POCs for CVE-2020-14343
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Experimenting with the CVE-2020-14343 PyYAML vulnerability | https://github.com/raul23/pyyaml-CVE-2020-14343 | POC Details |
| 2 | A web application vulnerable to CVE-2020-14343 insecure deserialization leading to command execution in PyYAML package. | https://github.com/j4k0m/loader-CVE-2020-14343 | POC Details |
| 3 | CVE-2020-14343的payload | https://github.com/Kairo-one/CVE-2020-14343 | POC Details |
| 4 | CVE-2020-14343的payload | https://github.com/Kairo-one/CVE-2020-14343-PyYAML | POC Details |
| 5 | None | https://github.com/sijie52/yasa-cve-2020-14343 | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2020-14343
请登录查看更多情报信息。
Same Patch Batch · n/a · 2021-02-09 · 46 CVEs total
| CVE-2021-23327 | 6.3 MEDIUM | Cross-site Scripting (XSS) |
| CVE-2021-26550 | SmartFoxServer 安全漏洞 | |
| CVE-2020-35572 | SOURCEFORGE Adminer 跨站脚本漏洞 | |
| CVE-2021-26953 | Rust 信息泄露漏洞 | |
| CVE-2021-26957 | Rust 缓冲区错误漏洞 | |
| CVE-2021-26955 | Rust 安全漏洞 | |
| CVE-2021-26954 | Rust 资源管理错误漏洞 | |
| CVE-2021-26952 | Rust 信息泄露漏洞 | |
| CVE-2021-26951 | Rust 缓冲区错误漏洞 | |
| CVE-2021-26958 | Rust 安全漏洞 | |
| CVE-2021-26551 | SmartFoxServer 代码注入漏洞 | |
| CVE-2020-22839 | B2evolution Cms 跨站脚本漏洞 | |
| CVE-2021-26549 | GotoAndPlay SNC SmartFoxServer 跨站脚本漏洞 | |
| CVE-2020-18215 | PHPSHE SQL注入漏洞 | |
| CVE-2020-13117 | Wavlink WN575A4 和 WN579X3 命令注入漏洞 | |
| CVE-2020-28645 | OwnCloud 输入验证错误漏洞 | |
| CVE-2021-22267 | Idelji Web ViewPoint Suite 安全漏洞 | |
| CVE-2020-28644 | Owncloud ownCloud 跨站请求伪造漏洞 | |
| CVE-2021-3191 | HPE Web ViewPoint Suite 授权问题漏洞 | |
| CVE-2019-17582 | libzip 资源管理错误漏洞 |
Showing top 20 of 46 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
V. Comments for CVE-2020-14343
No comments yet