From 513cb2d19abfbe5b3aea879bf1a0561ea211e7d4 Mon Sep 17 00:00:00 2001 From: David Garcia Date: Tue, 31 May 2022 11:01:09 +0200 Subject: [PATCH] Fix security bug: Deserialization of Untrusted Data Change-Id: I6228e249bdb0acf6f18924910fbb7105fc519eb4 Signed-off-by: David Garcia --- n2vc/k8s_helm_base_conn.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/n2vc/k8s_helm_base_conn.py b/n2vc/k8s_helm_base_conn.py index 952630a..d446b9b 100644 --- a/n2vc/k8s_helm_base_conn.py +++ b/n2vc/k8s_helm_base_conn.py @@ -1888,7 +1888,7 @@ class K8sHelmBaseConnector(K8sConnector): for key in params: value = params.get(key) if "!!yaml" in str(value): - value = yaml.load(value[7:]) + value = yaml.safe_load(value[7:]) params2[key] = value values_file = get_random_number() + ".yaml" -- 2.25.1