OESA-2024-1328

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1328

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1328.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-1328

Upstream

CVE-2024-29156

Published

2024-03-29T11:07:18Z

Modified

2025-08-12T05:25:42.888705Z

Summary

python-yaql security update

Details

YAQL (Yet Another Query Language) is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YAQL is written in python and is distributed via PyPI.

Security Fix(es):

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.(CVE-2024-29156)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS / python-yaql

Package

Name: python-yaql
Purl: pkg:rpm/openEuler/python-yaql&distro=openEuler-22.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.1.3-2.oe2203

Ecosystem specific

{
    "src": [
        "python-yaql-1.1.3-2.oe2203.src.rpm"
    ],
    "noarch": [
        "python-yaql-help-1.1.3-2.oe2203.noarch.rpm",
        "python3-yaql-1.1.3-2.oe2203.noarch.rpm"
    ]
}