Platform: python
Component: tablib
Fixed in: 0.11.5
CVE-2017-2810 is a critical remote code execution (RCE) vulnerability affecting Tablib versions up to 0.11.4. This vulnerability arises from insecure handling of YAML Databook files, allowing attackers to inject and execute arbitrary Python code. Successful exploitation can lead to complete system compromise. A patch is available in Tablib version 0.11.5.
The impact of CVE-2017-2810 is severe. An attacker can craft a malicious YAML Databook file that, when loaded by a vulnerable Tablib instance, will execute arbitrary Python code on the system. This effectively grants the attacker complete control over the affected machine. The attacker could install malware, steal sensitive data, modify system configurations, or use the compromised system as a launchpad for further attacks. This vulnerability shares similarities with other YAML deserialization vulnerabilities where malicious payloads can be embedded within seemingly harmless data files.
CVE-2017-2810 was publicly disclosed on July 13, 2018. While no widespread exploitation campaigns have been definitively linked to this CVE, the ease of exploitation and the potential for significant impact make it a high-priority vulnerability. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept exploits are available, demonstrating the feasibility of remote code execution.
Applications and systems that utilize Tablib version 0.11.4 or earlier, particularly those that process user-supplied YAML Databook files, are at significant risk. This includes systems that integrate with data processing pipelines or applications that handle external data sources in YAML format. Shared hosting environments where multiple applications share the same Tablib installation are also particularly vulnerable.
• python / system: list running Python processes (PowerShell):
Get-Process | Where-Object {$_.ProcessName -like '*python*'} | Select-Object Name, Id, Path
• python / file: Check for suspicious YAML files in locations where Databooks are processed. Look for embedded Python code or unusual YAML structures.
• python / log: Monitor Python application logs for errors related to YAML parsing or execution.
• generic web: If Tablib is exposed via a web application, check for unusual file uploads or requests containing YAML content.
Disclosure
Patch
Exploit status
EPSS: 2.44% (85th percentile)
CVSS vector
The primary mitigation for CVE-2017-2810 is to upgrade to Tablib version 0.11.5 or later, which addresses the vulnerability. If upgrading immediately is not feasible, consider implementing strict input validation on Databook files to prevent the inclusion of potentially malicious code. While not a complete solution, restricting file access and permissions can limit the potential damage. Monitor system logs for unusual Python process activity or unexpected file modifications. If possible, implement a Web Application Firewall (WAF) to filter out malicious YAML payloads before they reach the Tablib application.
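One way to implement the strict input validation suggested above, as an added example that is not tablib's own code: a stdlib-only pre-filter that refuses YAML Databook text carrying PyYAML's Python-specific tags before any loader sees it. The class name, function names and sample documents are assumptions made for this example.

```python
"""Pre-filter for YAML Databook text before any YAML loader sees it.
Added example, not tablib's own code: rejects documents carrying PyYAML's
Python-specific tags, which an unsafe loader turns into object construction.
Stdlib only; the sample inputs at the bottom are constructed."""
import re
from typing import List, Tuple

# Three spellings of the same thing: the "!!python/..." shorthand, the explicit
# "!<tag:yaml.org,2002:python/...>" form, and a %TAG directive that would let
# a custom handle expand to the python/ namespace.
_PY_TAG = re.compile(
    r"!!python/[\w./:-]*"
    r"|!<tag:yaml\.org,2002:python/[^>]*>"
    r"|%TAG\s+\S+\s+tag:yaml\.org,2002:python/\S*"
)

class UnsafeDatabookError(ValueError):
    """Raised when a Databook document carries Python-specific tags."""

def find_python_tags(yaml_text: str) -> List[Tuple[int, str]]:
    """Return (line_number, matched_text) for each suspicious tag.
    Matches inside quoted scalars are reported too: the filter fails closed."""
    hits = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        for match in _PY_TAG.finditer(line):
            hits.append((lineno, match.group(0)))
    return hits

def validate_databook_yaml(yaml_text: str) -> str:
    """Return the text unchanged, or raise so it never reaches a loader."""
    hits = find_python_tags(yaml_text)
    if hits:
        detail = "; ".join(f"line {n}: {t}" for n, t in hits)
        raise UnsafeDatabookError(f"Python-specific YAML tags rejected: {detail}")
    return yaml_text

# Constructed samples: a plain Databook and one carrying tagged nodes
# (the tags below point at harmless builtins; only their presence matters).
BENIGN_DATABOOK = "- title: users\n  headers: [id, name]\n  data:\n    - [1, alice]\n"
TAGGED_DATABOOK = (
    "%TAG !py! tag:yaml.org,2002:python/\n---\n"
    "- title: users\n  headers: [id, name]\n  data:\n"
    "    - [1, !!python/name:builtins.len '']\n"
    "- !<tag:yaml.org,2002:python/object:builtins.object> {}\n"
)
```

This is a defense-in-depth gate placed in front of the loader, not a replacement for the 0.11.5 upgrade or for parsing untrusted YAML with a safe loader.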
No official patch available. Look for alternatives or monitor for updates.
CVE-2017-2810 is a critical remote code execution vulnerability in Tablib versions 0.11.4 and earlier. Malicious YAML Databook files can execute arbitrary Python code, leading to full system compromise.
You are affected if you are using Tablib version 0.11.4 or earlier and process YAML Databook files, especially those from untrusted sources.
Upgrade to Tablib version 0.11.5 or later to address the vulnerability. If immediate upgrade is not possible, implement strict input validation on Databook files.
While no widespread exploitation campaigns have been definitively linked, the vulnerability's ease of exploitation and potential impact make it a high-priority risk.
Refer to the Tablib project's security advisories and release notes for details: https://github.com/tablib/tablib/releases