An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tablib | Python | 0.11.4 (including) | 0.11.4 (including) |