Description
An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A YAML-loaded Databook can execute arbitrary Python commands, resulting in command execution. An attacker can insert Python into the loaded YAML to trigger this vulnerability.

| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 0.9.11-3 |
| cosmic | not-affected | 0.9.11-3 |
| devel | not-affected | 0.9.11-3 |
| disco | not-affected | 0.9.11-3 |
| esm-apps/bionic | not-affected | 0.9.11-3 |
| esm-apps/xenial | released | 0.9.11-2+deb9u1build0.16.04.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |

CVSS2: 7.5 High
CVSS3: 7.5 High