CVE-2019-20478 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-20478 Interim 1 19 2026-03-05T06:00:45Z current 2021-05-30T14:34:17Z 2026-03-05T06:00:45Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-20478 In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Module for Public Cloud 12 openSUSE Tumbleweed python-ruamel.yaml python310-ruamel.yaml-0.18.6-1.2 python311-ruamel.yaml-0.18.6-1.2 python312-ruamel.yaml-0.18.6-1.2 python313-ruamel.yaml-0.18.10-160000.2.2 python36-ruamel.yaml-0.17.10-1.2 python38-ruamel.yaml-0.17.10-1.2 python39-ruamel.yaml-0.17.10-1.2 python313-ruamel.yaml-0.18.10-160000.2.2 as a component of SUSE Linux Enterprise Server 16.0 python310-ruamel.yaml-0.18.6-1.2 as a component of openSUSE Tumbleweed python311-ruamel.yaml-0.18.6-1.2 as a component of openSUSE Tumbleweed python312-ruamel.yaml-0.18.6-1.2 as a component of openSUSE Tumbleweed python36-ruamel.yaml-0.17.10-1.2 as a component of openSUSE Tumbleweed python38-ruamel.yaml-0.17.10-1.2 as a component of openSUSE Tumbleweed python39-ruamel.yaml-0.17.10-1.2 as a component of openSUSE Tumbleweed python-ruamel.yaml as a component of SUSE Linux Enterprise Module for Public Cloud 12 In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases. CVE-2019-20478 SUSE Linux Enterprise Server 16.0:python313-ruamel.yaml-0.18.10-160000.2.2 openSUSE Tumbleweed:python310-ruamel.yaml-0.18.6-1.2 openSUSE Tumbleweed:python311-ruamel.yaml-0.18.6-1.2 openSUSE Tumbleweed:python312-ruamel.yaml-0.18.6-1.2 openSUSE Tumbleweed:python36-ruamel.yaml-0.17.10-1.2 openSUSE Tumbleweed:python38-ruamel.yaml-0.17.10-1.2 openSUSE Tumbleweed:python39-ruamel.yaml-0.17.10-1.2 SUSE Linux Enterprise Module for Public Cloud 12:python-ruamel.yaml important 10 AV:N/AC:L/Au:N/C:C/I:C/A:C 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L