Lucene search
PRIOn knowledge basePRION:CVE-2016-4972HistorySep 26, 2016 - 4:59 p.m.
Code injection
2016-09-2616:59:00
PRIOn knowledge base
www.prio-n.com
2
OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mitaka-murano | le | 2.0.0 | |
| murano | le | 1.0.2 | |
| murano-dashboard | le | 1.0.2 | |
| python-muranoclient | le | 0.7.2 |
Related
cve
cve
CVE-2016-4972
2016-09-26 16:59:01
nvd
nvd
CVE-2016-4972
2016-09-26 16:59:01
github
github
OpenStack Murano Code Execution
2022-05-17 03:48:22
redhatcve
redhatcve
CVE-2016-4972
2016-06-23 23:48:25
ubuntucve
ubuntucve
CVE-2016-4972
2016-09-26 00:00:00
cvelist
cvelist
CVE-2016-4972
2016-09-26 16:00:00
osv
osv
OpenStack Murano Code Execution
2022-05-17 03:48:22
PYSEC-2016-22
2016-09-26 16:59:00
debiancve
debiancve
CVE-2016-4972
2016-09-26 16:59:01