Possible SQL Injection vulnerability in hyperv plugin
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Security Advisory | Won't Fix | Undecided | Unassigned |
neutron | Invalid | Low | Unassigned |
Bug Description
On this line: https:/
At least this is an unsafe programming practice. A library such as SQLAlchemy should be used, or at least prepared statements.
If there is no way for a user to tamper with these parameters, this can be fixed in public and treated as security hardening rather than a vulnerability.
Changed in ossa:
status: New → Incomplete
Changed in neutron:
importance: Undecided → Low
status: New → Confirmed
Changed in neutron:
assignee: Sergey Vilgelm (sergey.vilgelm) → nobody
@Alessandro: could you tell us if that actually constitutes a true vulnerability?