FAQ | This is a LIVE service | Changelog

Skip to content

config: use yaml.safe_load()

Dr Rich Wareham requested to merge issue-3-yaml-safe-load into master

The default yaml.load() function allows creation of arbitrary Python objects. Since we're using YAML as a passive configuration file format, use safe_load() instead.

This vulnerability was found using the GitLab SAST scanner.

Closes #3 (closed).

Merge request reports

Loading