High severity7.5NVD Advisory· Published Jun 14, 2017· Updated May 13, 2026

CVE-2017-2810

Description

An exploitable vulnerability exists in the Databook loading functionality of Tablib 0.11.4. A yaml loaded Databook can execute arbitrary python commands resulting in command execution. An attacker can insert python into loaded yaml to trigger this vulnerability.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
tablibPyPI	< 0.11.5	0.11.5

Affected products

Python (programming language)/Tablib
cpe:2.3:a:python:tablib:0.11.4:*:*:*:*:*:*:*
Kenneth Reitz/Tablibv5
Range: 0.11.4

Patches

69abfc3ada5d

https://github.com/jazzband/tablibvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

talosintelligence.com/vulnerability_reports/TALOS-2017-0307nvdExploitThird Party AdvisoryVDB EntryWEB
www.securityfocus.com/bid/99076nvdThird Party AdvisoryVDB Entry
github.com/advisories/GHSA-gcr6-rf47-jrgfghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-2810ghsaADVISORY
github.com/jazzband/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6eghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/tablib/PYSEC-2017-95.yamlghsaWEB
security.gentoo.org/glsa/201811-18nvdWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000