OpenStack Dashboard (Horizon)

potential default value leakage in LaunchImageNG

Bug #1466894 reported by Yves-Gwenael Bourhis on 2015-06-19

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Dashboard (Horizon)	Fix Released	Medium	Yves-Gwenael Bourhis	OpenStack Dashboard (Horizon) 8.0.0 "liberty"

Bug Description

LaunchImageNG uses a mutable as default parameter.

This can lead to potential leakage because the default value is evaluated only once and any potential changes done to the default arguments will be kept for further instances.

I don't think it's a security vulnerability at this stage, but it can potentially lead to it.

OpenStack Infra (hudson-openstack) on 2015-06-19

Changed in horizon:
assignee:	nobody → Yves-Gwenael Bourhis (yves-gwenael-bourhis)
status:	New → In Progress

Revision history for this message

Yves-Gwenael Bourhis (yves-gwenael-bourhis) wrote on 2015-06-19:

Fix proposed to branch: master
Review: https://review.openstack.org/193575

OpenStack Infra (hudson-openstack) on 2015-06-22

Changed in horizon:
status:	In Progress → Fix Committed

Rob Cresswell (robcresswell-deactivatedaccount) on 2015-06-22

Changed in horizon:
importance:	Undecided → Medium
milestone:	none → liberty-1

Doug Hellmann (doug-hellmann) on 2015-06-23

Changed in horizon:
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2015-10-15

Changed in horizon:
milestone:	liberty-1 → 8.0.0

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.