Lucene search
GoogleOSV:PYSEC-2016-22HistorySep 26, 2016 - 4:59 p.m.
PYSEC-2016-22
2016-09-2616:59:00
Google
osv.dev
8
0.027 Low
EPSS
Percentile
90.6%
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.
Related
prion
prion
Code injection
2016-09-26 16:59:00
cve
cve
CVE-2016-4972
2016-09-26 16:59:01
nvd
nvd
CVE-2016-4972
2016-09-26 16:59:01
github
github
OpenStack Murano Code Execution
2022-05-17 03:48:22
redhatcve
redhatcve
CVE-2016-4972
2016-06-23 23:48:25
ubuntucve
ubuntucve
CVE-2016-4972
2016-09-26 00:00:00
cvelist
cvelist
CVE-2016-4972
2016-09-26 16:00:00
osv
osv
OpenStack Murano Code Execution
2022-05-17 03:48:22
debiancve
debiancve
CVE-2016-4972
2016-09-26 16:59:01