Python3-pyyaml-3.12-12 detected as vulnerable on rocky 8-CVE-2020-14343

sagarseapatil · January 21, 2026, 7:22am

Hi,

From one of our sec tool as detected python3-pyyaml-3.12-12 as vulnerable on rocky 8. This is the latest version available at rocky8 upstream.Is CVE-2020-14343 associated with is fixed ?

Any links with the fix will help us.

jlehtone · January 21, 2026, 9:16am

The python3-pyyaml-3.12-12.el8 is a library/module for Python 3.6 – the “platform Python”.

The cve-details states that PyYAML of RHEL 8 is “Not Affected”.

They do note that some Red Hat applications do use affected version of PyYAML,
but they either call “safe_load” or specify SafeLoader when callitg “load”.

The question is thus, do you have applications that do not use the safe methods?
(Naturally, any user could write Python script that does use the unsafe methods.)

Topic		Replies	Views
Does RockyLinux 8.10 contain PyYaml critical vulnerability? Rocky Linux Help & Support rocky-linux-8	2	308	October 14, 2024
Rocky Linux 8.9 has CVE Vulnerabilities Rocky Linux Help & Support rocky-linux-8	6	4987	March 24, 2024
Rocky Errata Database Rocky Linux Help & Support	4	821	January 20, 2024
Is ROcky Linux 8 is affected by CVE-2022-23491 Rocky Linux Help & Support rocky-linux-8	3	143	December 8, 2024
Python36 module is outdated on appstream repo Rocky Linux Help & Support rocky-linux-8	7	495	July 9, 2024

Python3-pyyaml-3.12-12 detected as vulnerable on rocky 8-CVE-2020-14343

Related topics