Possible SQL injection in Windows driver utils
Bug #1370290 reported by Travis McPeak
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Cinder | Invalid | Undecided | Unassigned | |
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned | |
Bug Description
On this line: https:/
No input sanitization is done, and no safe SQL libraries are being used. Even if this variable is out of the control of a malicious user, this is an unsafe programming practice and should be hardened.
If we are absolutely sure that 'vhd_path' can't be tampered with, it's probably OK to fix this in the open.
Changed in ossa:
status: New → Incomplete
@Alessandro: your help confirming / invalidating the vulnerability needed here too