OESA-2024-1329

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1329

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2024-1329.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2024-1329

Upstream

CVE-2024-29156

Published

2024-03-29T11:07:18Z

Modified

2025-08-12T05:25:43.475419Z

Summary

python-yaql security update

Details

YAQL (Yet Another Query Language) is an embeddable and extensible query language, that allows performing complex queries against arbitrary objects. It has a vast and comprehensive standard library of frequently used querying functions and can be extend even further with user-specified functions. YAQL is written in python and is distributed via PyPI.

Security Fix(es):

In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.(CVE-2024-29156)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:22.03-LTS-SP1 / python-yaql

Package

Name: python-yaql
Purl: pkg:rpm/openEuler/python-yaql&distro=openEuler-22.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.0-2.oe2203sp1

Ecosystem specific

{
    "src": [
        "python-yaql-2.0.0-2.oe2203sp1.src.rpm"
    ],
    "noarch": [
        "python-yaql-help-2.0.0-2.oe2203sp1.noarch.rpm",
        "python3-yaql-2.0.0-2.oe2203sp1.noarch.rpm"
    ]
}