GHSA-v7mh-3jgf-r26c

Suggest an improvement
Source
https://github.com/advisories/GHSA-v7mh-3jgf-r26c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v7mh-3jgf-r26c/GHSA-v7mh-3jgf-r26c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v7mh-3jgf-r26c
Aliases
  • CVE-2012-4406
Published
2022-05-17T01:42:16Z
Modified
2024-02-16T08:22:46.817638Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
OpenStack Object Storage (swift) Code Injection vulnerability
Details

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

References

Affected packages

PyPI / swift

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.7.0

Affected versions

1.*

1.0.2