Cisco Blogs

Vulnerability Spotlight: YAML Parsing Remote Code Execution Vulnerabilities in Ansible Vault and Tablib.

- September 14, 2017 - 0 Comments

Talos is disclosing the presences of remote code execution vulnerabilities in the processing of Yet Another Markup Language (YAML) content in Ansible Vault and Tablib. Attackers can exploit these vulnerabilities through supplying malicious YAML content to execute arbitrary commands on vulnerable systems.

YAML is a data serialisation markup format which is designed to be readable for humans yet easily parsed by machines. Many tools and libraries have been developed to parse YAML data. The Python YAML parsing library PyYAML provides two API calls to parse YAML data: yaml.load and yaml.safe_load. The former API does not correctly sanitise YAML input which allows attackers to embed Python code to be executed within YAML content.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.