CVE-2011-4104

Django Tastypie < 0.9.10 - Remote Code Execution via YAML Deserialization

Title source: llm
STIX 2.1

Description

The from_yaml method in serializers.py in Django Tastypie before 0.9.10 does not properly deserialize YAML data, which allows remote attackers to execute arbitrary Python code via vectors related to the yaml.load method.

Scores

EPSS 0.0241
EPSS Percentile 82.1%

Details

CWE
CWE-20
Status published
Products (2)
djangoproject/tastypie < 0.9.9
pypi/django-tastypie 0 - 0.9.10PyPI
Published Oct 27, 2014
Tracked Since Feb 18, 2026