35 matches found
Remote Code Execution (RCE)
Tablib is vulnerable to remote code execution RCE. The Databook functionality within Tablib deserializes untrusted data from yaml files when importing books, allowing attackers to execute python commands...
PYSEC-2017-95
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
UBUNTU-CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
Design/Logic Flaw
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
PYSEC-2017-95
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
bubble (>=2016.3.17 <=2016.8.16), cryptocmd (>=0.5.1 <=0.5.2) +1 more potentially affected by CVE-2017-2810 via tablib (>=0.11.2 <=0.11.4)
tablib PYPI version =0.11.2, =2016.3.17, =0.5.1, =0.1.1, =0.2.3 Source cves: CVE-2017-2810 Source advisory: OSV:PYSEC-2017-95...
DEBIAN-CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
CVE-2017-2810
CVE-2017-2810 affects Tablib 0.11.4, where Databook loading via YAML can execute arbitrary Python commands, enabling remote code execution. Public descriptions reference exploitation by inserting Python into loaded YAML, resulting in command execution with the process’s privileges. Connected advi...
CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
CVE-2017-2810
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability...
CVE-2017-2810
It was found that loading a yaml format Databook from an untrusted source could lead to arbitrary code execution in python-tablib as the safeload method was not used to load the content...
Tablib Yaml Load Code Execution Vulnerability
Summary An exploitable vulnerability exists in the Databook loading functionality of Tablib. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability. Tested Versions Tablib v0.11.4...