CVE-2017-2810 HIGH

Vendor Kenneth Reitz
Product Tablib
Published June 14, 2017
Last update August 5, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A Databook loaded from YAML can execute arbitrary Python commands, resulting in command execution. An attacker can insert Python into the loaded YAML to trigger this vulnerability.

Key dates

02 Disclosure timeline

June 14, 2017 CVE published
August 5, 2024 Record updated