14 lines
1.0 KiB
JSON
14 lines
1.0 KiB
JSON
{
|
|
"id": "openEuler-SA-2024-1328",
|
|
"url": "https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1328",
|
|
"title": "An update for python-yaql is now available for openEuler-22.03-LTS",
|
|
"severity": "Important",
|
|
"description": "YAQL (Yet Another Query Language) is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YAQL is written in python and is distributed via PyPI.\r\n\r\nSecurity Fix(es):\r\n\r\nIn OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.(CVE-2024-29156)",
|
|
"cves": [
|
|
{
|
|
"id": "CVE-2024-29156",
|
|
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29156",
|
|
"severity": "Important"
|
|
}
|
|
]
|
|
} |