Arbitrary Command Execution in Tablib 0.11.4 via Databook Loading Vulnerability

Arbitrary Command Execution in Tablib 0.11.4 via Databook Loading Vulnerability

CVE-2017-2810 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

Learn more about our Web Application Penetration Testing UK.