Platform: python
Component: tablib
Fixed in: 0.11.5
CVE-2017-2810 is a critical remote code execution (RCE) vulnerability in the Databook loading functionality of Tablib 0.11.4 and earlier. The YAML Databook importer handed the file to PyYAML's full loader, which honours Python-specific tags such as !!python/object/apply, so a crafted YAML Databook can make the loading process call arbitrary Python functions, including os.system with a shell command. Tablib 0.11.5 fixes this by importing YAML with yaml.safe_load.
The impact is severe: code embedded in the file runs inside the process that loaded it, with that process's privileges and with access to its data, credentials and network. From there an attacker can install malware, exfiltrate data, alter configuration, or use the host as a pivot for further attacks. This is the same class of issue as other PyYAML deserialization bugs: yaml.load on untrusted input is arbitrary code execution, and a seemingly harmless data file is the carrier.
CVE-2017-2810 was publicly disclosed on July 13, 2018. No widespread exploitation campaigns have been definitively linked to this CVE and it is not currently listed on CISA KEV, but exploitation is trivial once an attacker can get a crafted YAML Databook loaded: a public proof of concept exists, and the payload is a single tagged YAML value. The precondition is that the application imports YAML Databooks from input the attacker can influence, which is what makes it a high-priority vulnerability for any service that accepts uploaded or third-party YAML.
Exploit Status
EPSS: 2.44% (85th percentile)
CVSS Vector
The primary mitigation for CVE-2017-2810 is to upgrade to Tablib 0.11.5 or later, where the YAML importer uses PyYAML's safe_load and therefore refuses Python-specific tags. If upgrading immediately is not feasible, stop importing YAML Databooks from sources you do not control, or accept that data in a format that carries no type tags, such as JSON or CSV. Where YAML from untrusted parties cannot be avoided, pre-check each document with PyYAML's tokenizer (yaml.scan) and reject anything carrying a tag outside the core YAML set before it reaches Tablib; a regex or WAF rule over the raw text is a weaker filter, because the same tag can be written with a !! handle, a verbatim !<...> tag, or a %TAG directive. Run the importing process with the least privilege it needs so that a successful payload is contained, and watch for child processes spawned by the Python application, unexpected outbound connections, or file modifications that a data import should never cause.
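The vulnerable and the fixed loading paths side by side, as an added example that is not code from the Tablib project or from this page. Tablib's YAML format hands the file to PyYAML, so PyYAML is used directly here and is assumed to be installed. The two Databook documents are constructed for this example and only mimic Tablib's list-of-sheets layout; the payload calls os.getpid as a side-effect-free stand-in for os.system. The find_custom_tags helper is the token-level pre-check referred to in the mitigation paragraph above, not anything Tablib ships.

```python
"""Added example: vulnerable vs. hardened loading of a YAML Databook.

Tablib's YAML format delegates to PyYAML, so PyYAML is used directly here
(assumed installed). The two Databook documents are constructed for this
example and only mimic Tablib's list-of-sheets layout.
"""
import os

import yaml

# Constructed: a harmless two-row sheet in the shape Tablib exports.
BENIGN_DATABOOK = """\
- title: Customers
  data:
  - {first_name: Alice, last_name: Adams}
  - {first_name: Bob, last_name: Baker}
"""

# Constructed: same shape, but one cell carries a PyYAML python/object/apply
# tag. os.getpid is a side-effect-free stand-in; an attacker uses the same
# syntax with os.system and a shell command.
MALICIOUS_DATABOOK = """\
- title: Customers
  data:
  - first_name: Mallory
    last_name: !!python/object/apply:os.getpid []
"""

# Tags the safe loader understands; any other explicit tag is suspicious.
CORE_TAGS = {"str", "int", "float", "bool", "null", "seq", "map", "binary",
             "timestamp", "set", "omap", "pairs", "merge"}


def load_databook_vulnerable(text):
    """What Tablib <= 0.11.4 did: a full loader that honours python/* tags.
    Older PyYAML picked this loader by default for a bare yaml.load(text)."""
    return yaml.load(text, Loader=yaml.Loader)


def load_databook_fixed(text):
    """What Tablib >= 0.11.5 does: safe_load knows only the core YAML types."""
    return yaml.safe_load(text)


def try_load(loader, text):
    """Return (True, value) on success or (False, error message) on rejection."""
    try:
        return True, loader(text)
    except yaml.YAMLError as exc:
        return False, str(exc)


def payload_ran(book):
    """True if the tagged cell was replaced by the result of calling os.getpid."""
    return book[0]["data"][0]["last_name"] == os.getpid()


def find_custom_tags(text):
    """Token-level pre-check: list explicit tags outside the core set.

    yaml.scan only tokenises; nothing is constructed, so the check itself is
    safe on untrusted input. A regex over the text is weaker because a tag can
    be spelled with a !! handle, a verbatim !<...> form or a %TAG alias.
    """
    found = []
    for token in yaml.scan(text):
        if isinstance(token, yaml.TagToken):
            handle, suffix = token.value
            if handle == "!!" and suffix in CORE_TAGS:
                continue
            found.append((handle or "") + suffix)
    return found


if __name__ == "__main__":
    print("suspicious tags:", find_custom_tags(MALICIOUS_DATABOOK))
    ok, book = try_load(load_databook_vulnerable, MALICIOUS_DATABOOK)
    print("vulnerable loader ran payload:", ok and payload_ran(book))
    ok, err = try_load(load_databook_fixed, MALICIOUS_DATABOOK)
    print("safe loader rejected it:", not ok, "-", err.splitlines()[0])
```

Run it as a script: the vulnerable loader returns a Databook whose tagged cell has been replaced by the current process id (proof that the function was called during parsing), the safe loader raises a ConstructorError naming the unknown tag, and the benign document loads identically through both paths. The pre-check reports the offending tag without ever constructing it, which is the property you want from a filter that runs before the real parser.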
CVE-2017-2810 is a critical remote code execution vulnerability in Tablib 0.11.4 and earlier. A malicious YAML Databook can execute arbitrary Python code in the process that imports it, with that process's privileges.
You are affected if you use Tablib 0.11.4 or earlier and import YAML Databooks, especially from untrusted sources. Applications that never import YAML through Tablib are not reachable via this bug.
Upgrade to Tablib 0.11.5 or later. If an immediate upgrade is not possible, stop importing YAML Databooks from untrusted sources, or reject any document that carries a tag outside the core YAML set before handing it to Tablib.
While no widespread exploitation campaigns have been definitively linked, the vulnerability's ease of exploitation and potential impact make it a high-priority risk.
Refer to the Tablib project's security advisories and release notes for details: https://github.com/tablib/tablib/releases