CVE-2017-2810

Name of the Vulnerable Software and Affected Versions Tablib version 0.11.4

Description The issue is related to the Databook loading functionality in Tablib, where a yaml loaded Databook can execute arbitrary python commands, resulting in command execution. This is due to the lack of input data sanitization in the yaml.load function. An attacker can insert python code into loaded yaml to trigger this vulnerability, potentially allowing a remote attacker to execute arbitrary commands.

Recommendations For Tablib version 0.11.4, consider disabling the Databook loading functionality or restricting the use of yaml.load until a patch is available. As a temporary workaround, avoid using the yaml.load function to load untrusted yaml files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.