An exploitable vulnerability exists in the Databook loading functionality of Tablib. A YAML-loaded Databook can execute arbitrary Python commands, resulting in command execution. An attacker can insert Python into loaded YAML to trigger this vulnerability.

External References:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
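How an application can refuse such input before it reaches an object-constructing loader, as an added example (not Tablib's code or its fix). It assumes PyYAML is installed; `python_tags` and `load_untrusted` are hypothetical helper names, and the sample documents are constructed.

```python
import yaml  # PyYAML

PY_TAG_PREFIX = "tag:yaml.org,2002:python/"  # what the "!!python/..." shorthand expands to


def python_tags(text):
    """List Python-specific tags in a YAML document without constructing any object."""
    found, seen = [], set()

    def walk(node):
        if node is None or id(node) in seen:  # empty document, or alias already visited
            return
        seen.add(id(node))
        if node.tag.startswith(PY_TAG_PREFIX):
            found.append(node.tag)
        if isinstance(node, yaml.SequenceNode):
            for child in node.value:
                walk(child)
        elif isinstance(node, yaml.MappingNode):
            for key, value in node.value:
                walk(key)
                walk(value)

    # compose() stops at the node graph; tags are already resolved there,
    # so a %TAG directive that renames the handle does not hide them.
    walk(yaml.compose(text, Loader=yaml.SafeLoader))
    return found


def load_untrusted(text):
    """Return (data, rejected_tags); data is None when the input is refused."""
    tags = python_tags(text)
    if tags:
        return None, tags  # log the tags, construct nothing
    # safe_load builds only plain types (dict, list, str, int, ...).
    return yaml.safe_load(text), []


# Constructed sample inputs (not taken from the advisory).
PLAIN = "- title: sheet1\n  data:\n    - {name: a, qty: 1}\n"
TAGGED = "- title: sheet1\n  data: !!python/object/apply:time.time []\n"
ALIASED = "%TAG !e! tag:yaml.org,2002:python/\n---\n- !e!tuple [1, 2]\n"

if __name__ == "__main__":
    for sample in (PLAIN, TAGGED, ALIASED):
        print(load_untrusted(sample))
```

`yaml.safe_load` on its own already rejects these tags with a `ConstructorError`; the tag walk only adds a record of what was attempted.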
Created python-tablib tracking bugs for this issue:

Affects: epel-6 [bug 1461298]
Affects: fedora-all [bug 1461299]
Statement:

Red Hat Product Security has rated this issue as having Low security impact in Red Hat OpenStack Platform. While the code is present in the python-tablib package, it is not reachable in any supported configuration. There is currently no plan to address this flaw in any supported version of Red Hat OpenStack Platform.