Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2016-4972

Опубликовано: 26 сент. 2016
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1:3.0.0~b1-2
cosmic

not-affected

1:3.0.0~b1-2
devel

DNE

disco

not-affected

1:3.0.0~b1-2
eoan

not-affected

1:3.0.0~b1-2
esm-apps/bionic

not-affected

1:3.0.0~b1-2
esm-apps/focal

not-affected

1:3.0.0~b1-2
esm-apps/jammy

not-affected

1:3.0.0~b1-2
esm-apps/noble

not-affected

1:3.0.0~b1-2

Показывать по

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

1:2.0.0-5
cosmic

not-affected

1:2.0.0-5
devel

DNE

disco

not-affected

1:2.0.0-5
eoan

not-affected

1:2.0.0-5
esm-apps/bionic

not-affected

1:2.0.0-5
esm-apps/focal

not-affected

1:2.0.0-5
esm-apps/jammy

not-affected

1:2.0.0-5
esm-apps/noble

not-affected

1:2.0.0-5

Показывать по

РелизСтатусПримечание
artful

ignored

end of life
bionic

not-affected

0.8.4-1
cosmic

not-affected

0.8.4-1
devel

not-affected

0.8.4-1
disco

not-affected

0.8.4-1
eoan

not-affected

0.8.4-1
esm-apps/bionic

not-affected

0.8.4-1
esm-apps/focal

not-affected

0.8.4-1
esm-apps/jammy

not-affected

0.8.4-1
esm-apps/noble

not-affected

0.8.4-1

Показывать по

Ссылки на источники

EPSS

Процентиль: 88%
0.03928
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

redhat логотип

CVE-2016-4972

redhat
больше 9 лет назад

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

nvd логотип

CVE-2016-4972

CVSS3: 9.8
nvd
больше 9 лет назад

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.

debian логотип

CVE-2016-4972

CVSS3: 9.8
debian
больше 9 лет назад

OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), ...

github логотип

GHSA-87r7-q54j-f9qg

CVSS3: 9.8
github
больше 3 лет назад

OpenStack Murano Code Execution

EPSS

Процентиль: 88%
0.03928
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3