Описание
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
A flaw was found in the way swiftonfile (gluster-swift) serialized and stored metadata on disk by using Python's pickle module. A remote, authenticated user could use this flaw to execute arbitrary code on the storage node.
Дополнительная информация
Статус:
EPSS
6 Medium
CVSS2
Связанные уязвимости
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict use of the pickle Python module when loading metadata, which allows remote authenticated users to execute arbitrary code via a crafted extended attribute (xattrs).
EPSS
6 Medium
CVSS2