CVE-2024-28717: OpenStack Storlets arbitrary code execution vulnerability

April 22, 2024

An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.

References

bugs.launchpad.net/storlets/+bug/2047723
gist.github.com/Fewword/f098d8d6375ac25e27b18c0e57be532f
github.com/advisories/GHSA-rfm2-f94j-qhjp
github.com/openstack/storlets
github.com/openstack/storlets/commit/5ad58804af885db3eb7a78bea5000c401eeeb70e
nvd.nist.gov/vuln/detail/CVE-2024-28717

Detect and mitigate CVE-2024-28717 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →