PYSEC-2020-225

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/blazar-dashboard/PYSEC-2020-225.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-225
Aliases
Published
2020-10-16T06:15:00Z
Modified
2023-11-08T04:03:20.706813Z
Summary
[none]
Details

An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected.

References

Affected packages

PyPI / blazar-dashboard

Package

Name
blazar-dashboard
View open source insights on deps.dev
Purl
pkg:pypi/blazar-dashboard

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.3.1
Introduced
2.0.0
Fixed
2.0.1
Introduced
3.0.0
Fixed
3.0.1

Affected versions

Other

0

1.*

1.0.0
1.0.1
1.1.0
1.2.0
1.3.0

2.*

2.0.0

3.*

3.0.0