{
  "version": "14.0.4",
  "vulnerabilities": [
    {
      "id": "985a5666dcae22adef5ac12f8a8a2dacf9b9b481ae5d87cd0ac1712b0fd64864",
      "category": "sast",
      "message": "Deserialization of Untrusted Data",
      "description": "Avoid using `load()`. `PyYAML.load` can create arbitrary Python\nobjects. A malicious actor could exploit this to run arbitrary\ncode. Use `safe_load()` instead.\n",
      "cve": "",
      "severity": "Critical",
      "scanner": {
        "id": "semgrep",
        "name": "Semgrep"
      },
      "location": {
        "file": "app/app.py",
        "start_line": 39
      },
      "identifiers": [
        {
          "type": "semgrep_id",
          "name": "bandit.B506",
          "value": "bandit.B506",
          "url": "https://semgrep.dev/r/gitlab.bandit.B506"
        },
        {
          "type": "cwe",
          "name": "CWE-502",
          "value": "502",
          "url": "https://cwe.mitre.org/data/definitions/502.html"
        },
        {
          "type": "bandit_test_id",
          "name": "Bandit Test ID B506",
          "value": "B506"
        }
      ],
      "tracking": {
        "type": "source",
        "items": [
          {
            "file": "app/app.py",
            "line_start": 39,
            "line_end": 39,
            "signatures": [
              {
                "algorithm": "scope_offset",
                "value": "app/app.py|yaml_hammer[0]:13"
              }
            ]
          }
        ]
      }
    }
  ],
  "scan": {
    "scanner": {
      "id": "semgrep",
      "name": "Semgrep",
      "url": "https://github.com/returntocorp/semgrep",
      "vendor": {
        "name": "GitLab"
      },
      "version": "0.82.0"
    },
    "type": "sast",
    "start_time": "2022-03-11T18:48:16",
    "end_time": "2022-03-11T18:48:22",
    "status": "success"
  }
}