MEDIUM 6.5
PYSEC-2026-2059
Information leakage in YAQL
상세
YAQL before 3.0.0 is used in Murano, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
참고
- https://nvd.nist.gov/vuln/detail/CVE-2024-29156 [ADVISORY]
- https://bugs.launchpad.net/murano/+bug/2048114 [WEB]
- https://launchpad.net/bugs/2048114 [WEB]
- https://opendev.org/openstack/murano/tags [WEB]
- https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3 [WEB]
- https://wiki.openstack.org/wiki/OSSN/OSSN-0093 [WEB]
- https://pypi.org/project/yaql [PACKAGE]
- https://github.com/advisories/GHSA-mvf6-hwxh-7v76 [ADVISORY]