Un-sanitized eval may have security impact
Bug #1367022 reported by Travis McPeak
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ceilometer | Won't Fix | Low | Unassigned |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
Bug Description
On this line: https:/
If an attacker is able to provide an input like "__import_
Eval input should always be sanitized. I was unable to find any places that this is actually used, but this should definitely be hardened.
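One way to harden such a call, as an added example that is not code from this bug report or from Ceilometer: it assumes the evaluated string is only ever expected to hold a Python literal and that Python 3.8+ is in use. The function names, the length cap and the sample strings are constructed for illustration.

```python
import ast

MAX_LEN = 4096  # assumed cap; very large or deeply nested input can exhaust the parser

# AST node types that can only describe data, never behaviour.
LITERAL_NODES = (ast.Expression, ast.Constant, ast.List, ast.Tuple, ast.Dict,
                 ast.Set, ast.UnaryOp, ast.USub, ast.UAdd, ast.Load)


def first_disallowed_node(text):
    """Return the name of the first non-literal AST node, or None if clean.

    Useful for logging why an input was refused without ever evaluating it.
    """
    tree = ast.parse(text, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, LITERAL_NODES):
            return type(node).__name__
    return None


def parse_untrusted(text):
    """Hypothetical drop-in for eval(text) where only literals are expected."""
    if len(text) > MAX_LEN:
        raise ValueError("rejected: input too long")
    try:
        bad = first_disallowed_node(text)
        if bad is not None:
            raise ValueError("rejected: contains %s node" % bad)
        # literal_eval builds the value from the AST; no names are looked up
        # and no calls are made.
        return ast.literal_eval(text)
    except (SyntaxError, TypeError, RecursionError, MemoryError) as exc:
        raise ValueError("rejected: %s" % type(exc).__name__)


if __name__ == "__main__":
    # Constructed samples: one plain literal, one expression containing a call.
    samples = ["{'a': [1, -2.5, None], 'b': (True, 'x')}",
               "__import__('platform').system()"]
    for sample in samples:
        try:
            print(repr(sample), "->", parse_untrusted(sample))
        except ValueError as err:
            print(repr(sample), "->", err)
```

Every failure mode surfaces as a single `ValueError`, so the caller needs one rejection path and can log the offending node type.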
Changed in ossa:
status: New → Incomplete
information type: Public → Public Security
information type: Public Security → Public
Changed in ceilometer:
assignee: Brant Knudson (blk-u) → nobody
Changed in ceilometer:
status: In Progress → Triaged
importance: Undecided → Low
The question is... is this a user-controlled string? If not, we can fix it without issuing a CVE.