HIGH 7.8
PYSEC-2026-1945
OpenStack Storlets arbitrary code execution vulnerability
Details
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.
Are you affected?
Enter the version of the package you're using.
Affected packages
PyPI / storlets
Introduced in:
0 Fixed in: 13.0.0.0rc1 Fix
pip install --upgrade 'storlets>=13.0.0.0rc1' References
- https://nvd.nist.gov/vuln/detail/CVE-2024-28717 [ADVISORY]
- https://github.com/openstack/storlets/commit/5ad58804af885db3eb7a78bea5000c401eeeb70e [WEB]
- https://bugs.launchpad.net/storlets/+bug/2047723 [WEB]
- https://gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f [WEB]
- https://github.com/openstack/storlets [PACKAGE]
- https://pypi.org/project/storlets [PACKAGE]
- https://github.com/advisories/GHSA-rfm2-f94j-qhjp [ADVISORY]