CVE-2011-4103
python-django-piston - deserialization vulnerability
CVSS 3.1 score: 9.8 (CRITICAL)
EPSS: 0.82%
Description
emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.
How to fix CVE-2011-4103
To remediate CVE-2011-4103, upgrade the affected package to a fixed version below.
- Debian/python-django-piston: upgrade to 0.2.2-1+squeeze1 or later
- upgrade to 0.2.2.1 or later
- upgrade to 0.2.3 or later
Is CVE-2011-4103 being exploited?
Low — EPSS is 0.8%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 0.2.2-1+squeeze1
- >= 0.2.0, < 0.2.2.1
- from 0, < 0.2.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |