@Fewword
Last active December 4, 2024 02:18
CVEs
> [Suggested description]
> There is a ReDoS vulnerability in language_pack_handler.py in OpenStack
> solum yoga-eom version.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Regular expression Denial of Service
>
> ------------------------------------------
>
> [Vendor of Product]
> OpenStack
>
> ------------------------------------------
>
> [Affected Product Code Base]
> solum - yoga-eom
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Reference]
> https://bugs.launchpad.net/solum/+bug/2047505
> https://drive.google.com/file/d/11x-6CjWCyap8_W1JpVzun56HQkPNLtWT/view?usp=drive_link
>
> ------------------------------------------
>
> [Discoverer]
> https://github.com/1561316811 (Zhongguancun Laboratory)

> [Suggested description]
> An issue in OpenStack Storlets yoga-eom allows a remote attacker to
> execute arbitrary code via the gateway.py component.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> TOCTOU
>
> ------------------------------------------
>
> [Vendor of Product]
> OpenStack
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Storlets - yoga-eom
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://bugs.launchpad.net/storlets/+bug/2047723
>
> ------------------------------------------
>
> [Discoverer]
> https://github.com/1561316811 (Zhongguancun Laboratory)

> [Suggested description]
> An issue in OpenStack magnum yoga-eom version allows a remote attacker
> to execute arbitrary code via the cert_manager.py component.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> TOCTOU
>
> ------------------------------------------
>
> [Vendor of Product]
> OpenStack
>
> ------------------------------------------
>
> [Affected Product Code Base]
> magnum - yoga-eom
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Reference]
> https://bugs.launchpad.net/magnum/+bug/2047690
> https://review.opendev.org/c/openstack/magnum/+/907305
>
> ------------------------------------------
>
> [Discoverer]
> https://github.com/1561316811 (Zhongguancun Laboratory)