CVE-2023-47204: fix(yaml_serializer): use yaml.SafeLoader by toumorokoshi · Pull Request #58 · toumorokoshi/transmute-core
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.
yaml.Loader allows for remote execution of arbitrary Python code during deserialization, which is a security risk.
Using SafeLoader prevents that.
Also updating unit tests for new changes since last release (new major version with test client changes for aiohttp)
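Added example, not transmute-core's own code, showing concretely what the PR changes: a YAML document carrying a `!!python/object/apply:` tag is resolved to a Python callable and invoked by `yaml.Loader` during deserialization, while `yaml.SafeLoader` rejects the tag and only builds plain YAML types. The payload and the two loader wrappers are constructed for illustration and deliberately call the harmless `os.getcwd`; an attacker would name `subprocess.Popen` or `os.system` instead. Requires PyYAML.

```python
"""Added example (not transmute-core's own code): yaml.Loader versus
yaml.SafeLoader on a Python-specific YAML tag. Requires PyYAML."""
import os
import yaml

# Constructed payload, harmless on purpose: under yaml.Loader the tag
# resolves to os.getcwd and the call happens while the document is loaded.
# A real exploit would name subprocess.Popen or os.system here.
PAYLOAD = "!!python/object/apply:os.getcwd []\n"


def load_unsafe(text: str):
    """Pre-fix behaviour (how a serializer using yaml.Loader behaves):
    python/* tags are honoured, so PAYLOAD executes os.getcwd()."""
    return yaml.load(text, Loader=yaml.Loader)


def load_safe(text: str):
    """Post-fix behaviour: yaml.SafeLoader only constructs str, int, float,
    bool, None, list and dict and raises on any python/* tag."""
    return yaml.load(text, Loader=yaml.SafeLoader)


def demo_unsafe() -> tuple:
    """Return (loaded_value, executed). executed is True when the value
    equals the live os.getcwd() result, i.e. the document drove a call."""
    value = load_unsafe(PAYLOAD)
    return value, value == os.getcwd()


def demo_safe() -> str:
    """Return 'rejected' when SafeLoader refuses PAYLOAD, else 'executed'."""
    try:
        load_safe(PAYLOAD)
    except yaml.constructor.ConstructorError:
        return "rejected"
    return "executed"


def demo_safe_ordinary_data() -> dict:
    """SafeLoader still parses the ordinary request bodies a serializer needs
    (constructed sample document)."""
    return load_safe("name: widget\ncount: 3\ntags: [a, b]\n")


if __name__ == "__main__":
    print("yaml.Loader    :", demo_unsafe())
    print("yaml.SafeLoader:", demo_safe())
    print("ordinary data  :", demo_safe_ordinary_data())
```

The check to carry into a code review is simple: grep for `yaml.load(` and `yaml.Loader` (and `yaml.UnsafeLoader` / `yaml.FullLoader`, which also construct Python objects) on any path that parses untrusted input, and replace them with `yaml.safe_load` or `Loader=yaml.SafeLoader`.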
Related news
GHSA-w9cp-3x79-2p8p: transmute-core unsafe YAML deserialization vulnerability