From 513cb2d19abfbe5b3aea879bf1a0561ea211e7d4 Mon Sep 17 00:00:00 2001
From: David Garcia
Date: Tue, 31 May 2022 11:01:09 +0200
Subject: [PATCH] Fix security bug: Deserialization of Untrusted Data

Change-Id: I6228e249bdb0acf6f18924910fbb7105fc519eb4
Signed-off-by: David Garcia
---
 n2vc/k8s_helm_base_conn.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/n2vc/k8s_helm_base_conn.py b/n2vc/k8s_helm_base_conn.py
index 952630a..d446b9b 100644
--- a/n2vc/k8s_helm_base_conn.py
+++ b/n2vc/k8s_helm_base_conn.py
@@ -1888,7 +1888,7 @@ class K8sHelmBaseConnector(K8sConnector):
 for key in params:
 value = params.get(key)
 if "!!yaml" in str(value):
- value = yaml.load(value[7:])
+ value = yaml.safe_load(value[7:])
 params2[key] = value
 values_file = get_random_number() + ".yaml"
-- 
2.17.1
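Review bot: The guard above the changed line, `if "!!yaml" in str(value):`, matches the marker anywhere in the stringified value, while `yaml.safe_load(value[7:])` assumes a string that begins with the marker, so a non-string value or a marker in mid-string would be sliced at the wrong place or raise. Consider tightening it to `if isinstance(value, str) and value.startswith("!!yaml"):` so that only values carrying the intended prefix reach the parser. `safe_load` removes arbitrary object construction, but it can still raise `yaml.YAMLError` on malformed input, and nothing in the hunk catches that; whether a caller does is not visible here. The enclosing method starts and ends outside the hunk.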