From 9148f25c9864b6f09d53065b4ff4be74299f40f1 Mon Sep 17 00:00:00 2001
From: Daniel Neilson <53624638+ddneilson@users.noreply.github.com>
Date: Thu, 27 May 2021 11:53:10 -0500
Subject: [PATCH] fix(core): improve security of mongodb setup script (#445)

---
 .../aws-rfdk/lib/core/scripts/mongodb/3.6/setupMongodStorage.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/aws-rfdk/lib/core/scripts/mongodb/3.6/setupMongodStorage.py b/packages/aws-rfdk/lib/core/scripts/mongodb/3.6/setupMongodStorage.py
index cbe5283d0..803a4e562 100644
--- a/packages/aws-rfdk/lib/core/scripts/mongodb/3.6/setupMongodStorage.py
+++ b/packages/aws-rfdk/lib/core/scripts/mongodb/3.6/setupMongodStorage.py
@@ -76,7 +76,7 @@ def main():
     if not os.path.isdir(storage_path):
         raise Exception("ERROR -- {storage_path} is not a directory.".format(storage_path=storage_path))
 
-    mongod_conf = yaml.load(sys.stdin)
+    mongod_conf = yaml.safe_load(sys.stdin)
     modify_storage_path(mongod_conf, storage_path)
     print(yaml.dump(mongod_conf, default_flow_style=False))