Date: Tue, 01 Nov 2011 13:15:53 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request for Django-piston and Tastypie

On 11/01/2011 11:11 AM, David Black wrote:
> y with respect to their de-serialization of YAML post
> data. Both Piston and Tastypie used the yaml.load method, which is
> unsafe. In certain

Can you please send me links for Piston and Tastypie announcements/code
commits showing the vuln please?

Thanks.

--
-Kurt Seifried / Red Hat Security Response Team