oss-sec mailing list archives

CVE for PyYAML RCE-factory API


From: Alex Gaynor <alex.gaynor () gmail com>
Date: Tue, 26 Jun 2018 21:18:39 -0400

In releases of PyYAML < 4.1 using the `yaml.load()` API on untrusted input
could lead to arbitrary code execution. Instead, users were advised to use
the `yaml.safe_load()` API.

Starting with the PyYAML 4.1 release, the `yaml.load()` API has been made
safe-by-default. Users wishing to opt into the old behavior and produce
RCEs (or who trust their input) can use the `yaml.danger_load`.

Because of the degree to which this API presented a footgun, I would like
to request a CVE for it.

Alex

-- 
"I disapprove of what you say, but I will defend to the death your right to
say it." -- Evelyn Beatrice Hall (summarizing Voltaire)
"The people's good is the highest law." -- Cicero
GPG Key fingerprint: D1B3 ADC0 E023 8CA6
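Added example, not part of the post: the contrast described above, run on a constructed document that carries a PyYAML-specific `!!python/name` tag (pointing at the harmless `builtins.len`) to show that `safe_load` refuses it while the opt-in loader resolves it to a live object. It assumes PyYAML 5.1 or later, where the opt-in loader is called `UnsafeLoader` rather than the `danger_load` name mentioned above.

```python
import yaml
from yaml.constructor import ConstructorError

# Constructed sample documents for the demonstration.
# The first carries a PyYAML-specific tag that asks the loader to look up an
# arbitrary Python object; a harmless target (builtins.len) is used here.
TAGGED_DOC = "handler: !!python/name:builtins.len\n"
PLAIN_DOC = "handler: hello\n"


def load_untrusted(text):
    """Parse YAML from an untrusted source.

    safe_load only knows the core YAML types (maps, lists, scalars), so a
    document that tries to name a Python object fails to construct instead
    of being resolved.
    """
    return yaml.safe_load(text)


def rejects_python_tag(text):
    """True if the safe loader refuses to construct the document."""
    try:
        yaml.safe_load(text)
    except ConstructorError:
        return True
    return False


def load_with_unsafe_loader(text):
    """The opt-in behaviour the post describes: the loader resolves the tag
    to a live Python object (assumption: PyYAML >= 5.1, UnsafeLoader)."""
    return yaml.load(text, Loader=yaml.UnsafeLoader)


if __name__ == "__main__":
    print(load_untrusted(PLAIN_DOC))            # {'handler': 'hello'}
    print(rejects_python_tag(TAGGED_DOC))       # True
    print(load_with_unsafe_loader(TAGGED_DOC))  # {'handler': <built-in function len>}
```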
