oss-sec mailing list archives

Re: CVE request for Django-piston and Tastypie


From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 01 Nov 2011 13:15:53 -0600

On 11/01/2011 11:11 AM, David Black wrote:
> y with respect to their de-serialization of YAML post
> data. Both Piston and Tastypie used the yaml.load method, which is
> unsafe. In certain
Can you please send me links for Piston and Tastypie announcements/code
commits showing the vuln please? Thanks.

-- 

-Kurt Seifried / Red Hat Security Response Team
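The quoted report says both frameworks fed client-supplied YAML to yaml.load. The following is an added example (not code from Piston, Tastypie or this thread) showing the difference a defender cares about: PyYAML's unrestricted Loader, which a bare yaml.load() defaulted to at the time, resolves python-specific tags into Python objects, while yaml.safe_load() builds only plain data and refuses such tags. It assumes PyYAML is installed; the request bodies are constructed samples.

```python
# Added example, not code from Piston, Tastypie or the oss-sec thread.
# Assumes PyYAML is installed. Demonstrates why an API deserializer must
# use the safe loader on untrusted YAML.
import yaml

# Constructed sample request bodies: one ordinary document and one that
# carries a language-specific tag, which has no place in an API payload.
PLAIN_BODY = "title: hello\ntags: [a, b]\n"
TAGGED_BODY = "title: hello\ntags: !!python/tuple [a, b]\n"


def load_unrestricted(body):
    """The pattern the advisory describes: the full loader on untrusted input.

    yaml.Loader is the unrestricted loader that yaml.load() used by default
    in 2011; it honours !!python/... tags and constructs Python objects.
    """
    return yaml.load(body, Loader=yaml.Loader)


def load_hardened(body):
    """What a request deserializer should do instead.

    Returns (document, None) for plain data, or (None, reason) when the
    body uses a tag the safe loader refuses to construct, so the caller
    can reject the request instead of building objects from it.
    """
    try:
        return yaml.safe_load(body), None
    except yaml.YAMLError as exc:
        # First line of the error names the offending tag; good for logs.
        return None, str(exc).splitlines()[0]


def main():
    print("unrestricted loader, tagged body:", load_unrestricted(TAGGED_BODY))
    print("safe loader, plain body:", load_hardened(PLAIN_BODY))
    print("safe loader, tagged body:", load_hardened(TAGGED_BODY))


if __name__ == "__main__":
    main()
```

The tagged body yields a Python tuple under the unrestricted loader but is rejected with a ConstructorError by safe_load, which is the behaviour a deserializer for untrusted input needs.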
