GHSA-rfm2-f94j-qhjp

Source

https://github.com/advisories/GHSA-rfm2-f94j-qhjp

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/04/GHSA-rfm2-f94j-qhjp/GHSA-rfm2-f94j-qhjp.json

Aliases

CVE-2024-28717

Published

2024-04-22T12:30:33Z

Modified

2024-04-22T16:11:48.511550Z

Details

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-28717
https://github.com/openstack/storlets/commit/5ad58804af885db3eb7a78bea5000c401eeeb70e
https://bugs.launchpad.net/storlets/+bug/2047723
https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
https://github.com/openstack/storlets

Affected packages

PyPI / storlets

Package

Name: storlets

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0The exact introduced commit is unknown

Fixed

13.0.0.0rc1

Affected versions

0.*

0.1

0.3.1.dev55

0.6.0

0.7.0

1.*

1.0.0

2.*

2.0.0.0b1

2.0.0.0b2

2.0.0.0b3

2.0.0.0rc1

2.0.0

3.*

3.0.0.0b1

3.0.0.0rc1

3.0.0.0rc2

3.0.0

4.*

4.0.0.0rc1

4.0.0.0rc2

4.0.0

5.*

5.0.0.0b1

5.0.0.0rc1

5.0.0

6.*

6.0.0.0rc1

6.0.0

7.*

7.0.0.0rc1

7.0.0

8.*

8.0.0.0rc1

8.0.0

9.*

9.0.0.0rc1

9.0.0

10.*

10.0.0.0rc1

10.0.0

11.*

11.0.0.0rc1

11.0.0

12.*

12.0.0.0rc1

12.0.0