PyPI: locopy

CVE-2017-18342

Safety vulnerability ID: SFTY-20180627-89154

Safety legacy ID: pyup.io-41335

Locopy 0.3.8 includes a security patch for the function 'read_config_yaml' in 'locopy/utility.py'. It used the unsafe yaml.load(), that allows instantiation of arbitrary objects. Consider yaml.safe_load(). https://github.com/capitalone/locopy/pull/105

PythonPyPINVDNVD
Created at: Nov 5, 2025Updated at: Nov 5, 2025

Overview

Locopy 0.3.8 includes a security patch for the function 'read_config_yaml' in 'locopy/utility.py'. It used the unsafe yaml.load(), that allows instantiation of arbitrary objects. Consider yaml.safe_load(). https://github.com/capitalone/locopy/pull/105

Advisory

Locopy 0.3.8 includes a security patch for the function 'read_config_yaml' in 'locopy/utility.py'. It used the unsafe yaml.load(), that allows instantiation of arbitrary objects. Consider yaml.safe_load(). https://github.com/capitalone/locopy/pull/105

Affected Package

Affecting locopy package, versions
<0.3.8

Also affects

---

How to Fix

Upgrade
locopy
to
0.3.8
or higher.

Mitigation and Workarounds

---

Vulnerable Functions

Functions linked to known vulnerabilities.

Vulnerable function data is available for Enterprise customers

Book a call with us to see Safety in action.

References

Safety

Verified by Safety

Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.

Learn more