Upstream information
Description
OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
National Vulnerability Database | |
---|---|
Base Score | 7.5 |
Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Partial |
Integrity Impact | Partial |
Availability Impact | Partial |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE OpenStack Cloud 6 |
| Patchnames: SUSE OpenStack Cloud 6 GA openstack-swift-2.1.0-3.1 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 13:05:58 2013CVE page last modified: Mon Feb 13 11:38:54 2023