POLICY-OTHER PyYAML Python object serialization attempt
This rule detects the attempted download of a YAML file that contains a serialized Python object by looking for the syntax used to create a new Python object. This rule is in response to the ability to run arbitrary code via the object deserialization process in PyYAML when loading untrusted YAML files without using a safe YAML load method.
This rule detects the attempted download of a YAML file that contains a serialized Python object.
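A host-side version of the same check, added here as an example (it is not the Snort rule's signature, which this page does not show, and not PyYAML code): it resolves YAML tag handles and reports any tag that lands in PyYAML's `tag:yaml.org,2002:python/` namespace. The function name `python_tags`, the `SAMPLES` inputs and the class name `example.Widget` are constructed for illustration.

```python
import re
from urllib.parse import unquote

YAML_NS = "tag:yaml.org,2002:"
PY_PREFIX = YAML_NS + "python/"  # namespace PyYAML uses for Python object tags
TAG_DIRECTIVE = re.compile(r"^%TAG[ \t]+(!(?:[\w-]*!)?)[ \t]+(\S+)", re.M)
TAG_TOKEN = re.compile(r"!<([^>\s]+)>|(![\w-]*!|!)([^\s,\[\]{}]+)")

# Constructed sample inputs (not captured traffic); example.Widget is a placeholder.
SAMPLES = {
    "plain": "name: demo\nports: [80, 443]\n",
    "core_tag": "count: !!str 5\n",
    "short_tag": "item: !!python/object:example.Widget {size: 1}\n",
    "verbatim": "item: !<tag:yaml.org,2002:python/object/new:example.Widget> []\n",
    "directive": "%TAG !p! tag:yaml.org,2002:python/\n---\nitem: !p!object:example.Widget {}\n",
    "escaped": "item: !!python%2Fobject:example.Widget {}\n",
}

def python_tags(text):
    """Return the resolved python/* tags found in YAML text (empty list if none)."""
    handles = {"!!": YAML_NS, "!": "!"}          # YAML's default tag handles
    # %TAG directives can remap handles; applied file-wide here, which is
    # broader than YAML's per-document scope and so errs toward flagging.
    handles.update(TAG_DIRECTIVE.findall(text))
    found = []
    for verbatim, handle, suffix in TAG_TOKEN.findall(text):
        if verbatim:
            tag = verbatim                       # !<full-tag> form
        elif handle in handles:
            tag = handles[handle] + suffix       # !handle!suffix form
        else:
            continue                             # undeclared handle, cannot resolve
        tag = unquote(tag)                       # tag URIs may carry %xx escapes
        if tag.startswith(PY_PREFIX):
            found.append(tag)
    return found

if __name__ == "__main__":
    # Text-level match: a tag inside a comment or quoted string is flagged too.
    for name, doc in SAMPLES.items():
        print(f"{name:10} {python_tags(doc) or 'clean'}")
```

A file flagged this way should only ever be parsed with a safe loader such as `yaml.safe_load`, which refuses these tags instead of constructing the object.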
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
N/A
Not Applicable
CVE-2020-14343
CVE-2020-1747
Tactic: Execution
Technique: Execution through Module Load
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org