VDB
KO
CRITICAL 9.9

GHSA-9hfw-w3f4-c4p8

OpenStack Mistral allows Arbitrary Remote Code Execution when the API is exposed

Details

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / mistral
Introduced in: 20.0.0 Fixed in: 20.1.1
Fix pip install --upgrade 'mistral>=20.1.1'
PyPI / mistral

No fixed version published yet for mistral (pip). Pin to a known-safe version or switch to an alternative.

PyPI / mistral

No fixed version published yet for mistral (pip). Pin to a known-safe version or switch to an alternative.

References