Commits

Joshua Ginsberg committed 24fcc35

Fixed security bug in YAML emitter; H/T db@d1b.org

  • Participants
  • Parent commits c4b2d21

Comments (0)

Files changed (1)

File piston/emitters.py

 
 if yaml:  # Only register yaml if it was import successfully.
     Emitter.register('yaml', YAMLEmitter, 'application/x-yaml; charset=utf-8')
-    Mimer.register(lambda s: dict(yaml.load(s)), ('application/x-yaml',))
+    Mimer.register(lambda s: dict(yaml.safe_load(s)), ('application/x-yaml',))
 
 class PickleEmitter(Emitter):
     """