Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多款Openstack产品安全漏洞
Vulnerability Description
OpenStack是美国国家航空航天局(National Aeronautics and Space Administration)和美国Rackspace公司合作研发的一个云平台管理项目。Openstack Murano是其中的一个应用程序目录管理项目。Murano-dashboard是其中的一个管理界面。Python-muranoclient是其中的一个用于建立Murano API的客户端库。 多款OpenStack产品中存在安全漏洞,该漏洞源于在解析MuranoPL和UI文件时,程序没有正确使用来自
CVSS Information
N/A
Vulnerability Type
N/A