Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-2810

Опубликовано: 14 июн. 2017
Источник: debian

Описание

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-tablibfixed0.9.11-3package
python-tablibfixed0.9.11-2+deb8u1stretchpackage
python-tablibfixed0.9.11-2+deb8u1jessiepackage

Примечания

  • Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e

  • https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307

Связанные уязвимости

ubuntu логотип

CVE-2017-2810

CVSS3: 7.5
ubuntu
больше 8 лет назад

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

redhat логотип

CVE-2017-2810

CVSS3: 7.5
redhat
больше 8 лет назад

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

nvd логотип

CVE-2017-2810

CVSS3: 7.5
nvd
больше 8 лет назад

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

suse-cvrf логотип

openSUSE-SU-2017:1689-1

suse-cvrf
больше 8 лет назад

Security update for python-tablib

suse-cvrf логотип

SUSE-SU-2017:2105-1

suse-cvrf
больше 8 лет назад

Security update for python-tablib