# Unsafe YAML Deserialization

- ID: python-yaml-deserialization
- Severity: CRITICAL
- CWE: Deserialization of Untrusted Data (CWE-502)
- Languages: Python

## Description

Detects unsafe YAML deserialization using `yaml.load()` without `SafeLoader`.

## Remediation

Use `yaml.safe_load()` instead of `yaml.load()`.

```python
import yaml
config = yaml.safe_load(yaml_string)
```

Learn more: https://shoulder.dev/learn/python/cwe-502/yaml-deserialization

## Related Rules

- **Insecure Deserialization** [HIGH]
- **LLM Training Data Poisoning** [HIGH]
- **Unsafe Deserialization** [CRITICAL]