Red Hat Bugzilla – Bug 1461297
CVE-2017-2810 python-tablib: Databook loading functionality allows command execution
Last modified: 2017-09-12 17:58:01 EDT
An exploitable vulnerability exists in the Databook loading functionality of Tablib. A YAML-loaded Databook can execute arbitrary Python commands, resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.
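An added illustration of the defensive side of this flaw (not code from Tablib or from this bug report): it uses PyYAML's event parser to report Python-specific tags without constructing any objects, then loads with `yaml.safe_load`, which builds only standard YAML types. The function names, the sample inputs and the title/data Databook layout are assumptions made for the example.

```python
import yaml  # PyYAML

PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs; the title/data layout is an assumed Databook shape.
BENIGN = """\
- title: hosts
  data:
    - {name: web01, port: 443}
    - {name: db01, port: 5432}
"""
TAGGED = """\
- title: hosts
  data:
    - name: !!python/name:builtins.len ''
      port: 443
"""


def python_tags(text):
    """List Python-specific tags in a YAML stream without constructing objects."""
    found = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)  # only node events carry a tag
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            found.append(tag)
    return found


def load_untrusted_yaml(text):
    """Hypothetical wrapper: report Python tags, then build plain types only."""
    tags = python_tags(text)
    if tags:
        raise ValueError("Python tags in untrusted YAML: " + ", ".join(tags))
    return yaml.safe_load(text)


if __name__ == "__main__":
    print(load_untrusted_yaml(BENIGN))
    try:
        load_untrusted_yaml(TAGGED)
    except ValueError as exc:
        print("rejected:", exc)
```

Even without the tag pre-check, `yaml.safe_load` raises a constructor error on the tagged input; the pre-check exists so the rejected tag names can be logged.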
Created python-tablib tracking bugs for this issue:
Affects: epel-6 [bug 1461298]
Affects: fedora-all [bug 1461299]
Red Hat Product Security has rated this issue as having Low security impact in Red Hat OpenStack Platform. While the code is present in the python-tablib package, it is not reachable in any supported configuration. There is currently no plan to address this flaw in any supported version of Red Hat OpenStack Platform.