Описание
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
It was found that loading a yaml format Databook from an untrusted source could lead to arbitrary code execution in python-tablib as the safe_load method was not used to load the content.
Отчет
Red Hat Product Security has rated this issue as having Low security impact in Red Hat OpenStack Platform. While the code is present in the python-tablib package, it is not reachable in any supported configuration. There is currently no plan to address this flaw in any supported version of Red Hat OpenStack platform.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | python-tablib | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | python-tablib | Will not fix | ||
| Red Hat OpenStack Platform 12 (Pike) | python-tablib | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | python-tablib | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) | python-tablib | Will not fix |
Показывать по
Дополнительная информация
Статус:
7.5 High
CVSS3
Связанные уязвимости
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
An exploitable vulnerability exists in the Databook loading functional ...
7.5 High
CVSS3