projects / osm / N2VC.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix security bug: Deserialization of Untrusted Data
[osm/N2VC.git] / n2vc / k8s_helm_base_conn.py
diff --git a/n2vc/k8s_helm_base_conn.py b/n2vc/k8s_helm_base_conn.py
index 952630a..d446b9b 100644 (file)
--- a/n2vc/k8s_helm_base_conn.py
+++ b/n2vc/k8s_helm_base_conn.py
@@ -1888,7 +1888,7 @@ class K8sHelmBaseConnector(K8sConnector):
             for key in params:
                 value = params.get(key)
                 if "!!yaml" in str(value):
-                    value = yaml.load(value[7:])
+                    value = yaml.safe_load(value[7:])
                 params2[key] = value
 
             values_file = get_random_number() + ".yaml"