Platform
python
Component
tablib
Fixed in
0.11.5
CVE-2017-2810 is a critical remote code execution (RCE) vulnerability affecting Tablib versions up to 0.11.4. This vulnerability arises from insecure handling of YAML Databook files, allowing attackers to inject and execute arbitrary Python code. Successful exploitation can lead to complete system compromise. A patch is available in Tablib version 0.11.5.
The impact of CVE-2017-2810 is severe. An attacker can craft a malicious YAML Databook file that, when loaded by Tablib, will execute arbitrary Python commands on the system. This effectively grants the attacker complete control over the affected machine. The attack surface is broad, as any application or service utilizing Tablib to process YAML Databooks is potentially vulnerable. This vulnerability shares similarities with other deserialization vulnerabilities where untrusted data is processed without proper validation, potentially leading to code execution. The blast radius extends to any data accessible to the compromised system.
CVE-2017-2810 was publicly disclosed on 2018-07-13. While no active exploitation campaigns have been definitively linked to this CVE, the ease of exploitation and the potential for widespread impact make it a significant concern. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are available, demonstrating the feasibility of remote code execution.
Applications and systems that utilize Tablib version 0.11.4 or earlier, particularly those that process user-supplied YAML Databook files, are at significant risk. This includes systems that integrate with data processing pipelines or applications that handle external data sources in YAML format. Shared hosting environments where multiple applications share the same Tablib installation are also particularly vulnerable.
• python / system: `Get-Process | Where-Object {$_.ProcessName -like '*python*'} | Select-Object Name, Id, Path` (PowerShell)
• python / file: Check for suspicious YAML files in locations where Databooks are processed. Look for embedded Python code or unusual YAML structures.
• python / log: Monitor Python application logs for errors related to YAML parsing or execution.
• generic web: If Tablib is exposed via a web application, check for unusual file uploads or requests containing YAML content.
disclosure
patch
Exploit status
EPSS
2.44% (85th percentile)
CVSS vector
The primary mitigation for CVE-2017-2810 is to upgrade Tablib to version 0.11.5 or later, which contains the fix. If upgrading immediately is not feasible, consider implementing input validation to sanitize YAML Databook files before processing them. Specifically, restrict the allowed keys and data types within the YAML file. Additionally, consider using a safer YAML parser that provides better protection against code execution vulnerabilities. After upgrading, confirm the fix by attempting to load a known malicious YAML file (in a safe, isolated environment) and verifying that it no longer executes arbitrary code.
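The following is an added example, not code from the Tablib project or from this advisory. It shows the two defensive layers the mitigation paragraph describes: a text-level gate that rejects explicit YAML tags outside the core schema (the `!!python/...` tag family is what a full-featured loader turns into arbitrary object construction), and a structural check that restricts Databook files to an allowed set of keys and scalar values before they reach any Databook loader. The sheet layout (a list of mappings with `title` and `data` keys) is an assumption for illustration, not the exact Tablib serialization, and `load_databook_yaml` assumes PyYAML is installed; the two checks themselves need only the standard library.

```python
"""Pre-load gate for YAML Databook files (added example, not Tablib code).

Assumption, not from the advisory: a databook is a YAML list of sheets,
each a mapping with a string 'title' and a 'data' list of row mappings
whose values are plain scalars.
"""
import re

# YAML core-schema tags that a plain data file may legitimately carry.
SAFE_TAGS = {
    "!!str", "!!int", "!!float", "!!bool", "!!null", "!!map", "!!seq",
    "!!binary", "!!timestamp", "!!omap", "!!set", "!!pairs",
}
# An explicit tag token: '!' at the start of a token, running to the next
# whitespace or flow-collection delimiter. Conservative on purpose: a '!'
# that opens a token inside a quoted string is also flagged.
TAG_RE = re.compile(r"(?:^|[\s\[{,])(![^\s\[\]{},]*)", re.MULTILINE)

ALLOWED_SHEET_KEYS = {"title", "data"}
SCALAR_TYPES = (str, int, float, bool, type(None))


def find_unsafe_tags(text: str) -> list:
    """Return every explicit tag that is not part of the YAML core schema.

    A full (non-safe) PyYAML loader honours '!!python/...' tags, which
    construct arbitrary Python objects; a data file has no need for them.
    """
    return [m.group(1) for m in TAG_RE.finditer(text)
            if m.group(1) not in SAFE_TAGS]


def validate_databook(obj) -> list:
    """Structural allow-list check on the parsed object; returns problems found."""
    problems = []
    if not isinstance(obj, list):
        return ["top level is not a list of sheets"]
    for i, sheet in enumerate(obj):
        if not isinstance(sheet, dict):
            problems.append(f"sheet {i}: not a mapping")
            continue
        extra = set(sheet) - ALLOWED_SHEET_KEYS
        if extra:
            problems.append(f"sheet {i}: unexpected keys {sorted(extra)}")
        if not isinstance(sheet.get("title"), str):
            problems.append(f"sheet {i}: missing string title")
        rows = sheet.get("data")
        if not isinstance(rows, list):
            problems.append(f"sheet {i}: data is not a list")
            continue
        for j, row in enumerate(rows):
            if not isinstance(row, dict) or not all(
                isinstance(k, str) and isinstance(v, SCALAR_TYPES)
                for k, v in row.items()
            ):
                problems.append(f"sheet {i} row {j}: not a mapping of scalars")
    return problems


def load_databook_yaml(text: str):
    """Gate the text, then parse with the safe loader only (assumes PyYAML)."""
    import yaml  # imported here so the text-level checks work without it

    bad = find_unsafe_tags(text)
    if bad:
        raise ValueError(f"refusing YAML with non-core tags: {bad}")
    obj = yaml.safe_load(text)  # never the full loader on untrusted input
    problems = validate_databook(obj)
    if problems:
        raise ValueError("; ".join(problems))
    return obj


# Constructed samples for illustration, not real Databook files.
CLEAN_DATABOOK = """\
- title: Employees
  data:
    - {first_name: Ada, last_name: Lovelace, age: 36}
    - {first_name: Alan, last_name: Turing, age: 41}
"""

# A harmless python-specific tag stands in for the tag family the gate rejects.
TAGGED_DATABOOK = """\
- title: Employees
  data:
    - {first_name: !!python/tuple [Ada, Lovelace], age: 36}
"""

if __name__ == "__main__":
    print(find_unsafe_tags(CLEAN_DATABOOK))   # []
    print(find_unsafe_tags(TAGGED_DATABOOK))  # ['!!python/tuple']
```

The tag scan runs before parsing so that a file is rejected without any loader ever seeing it; the structural check then catches files that parse cleanly but do not look like a Databook at all (extra keys, nested objects instead of scalar cells). Both checks are independent of which Tablib version is installed, so they remain useful as defence in depth after upgrading to 0.11.5.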
No official patch available. Check for workarounds or monitor for updates.
CVE-2017-2810 is a critical remote code execution vulnerability in Tablib versions 0.11.4 and earlier. Malicious YAML Databook files can execute arbitrary Python code, leading to full system compromise.
You are affected if you are using Tablib version 0.11.4 or earlier and process YAML Databook files, especially those from untrusted sources.
Upgrade to Tablib version 0.11.5 or later to address the vulnerability. If immediate upgrade is not possible, implement strict input validation on Databook files.
While no widespread exploitation campaigns have been definitively linked, the vulnerability's ease of exploitation and potential impact make it a high-priority risk.
Refer to the Tablib project's security advisories and release notes for details: https://github.com/tablib/tablib/releases