← Back to team overview

yahoo-eng-team team mailing list archive

[Bug 1370295] Re: Possible SQL Injection vulnerability in hyperv volumeutils2

 

Fix proposed to branch: master
Review: https://review.openstack.org/131433

** Changed in: nova
       Status: Invalid => In Progress

** Changed in: nova
     Assignee: (unassigned) => Sergey Vilgelm (sergey.vilgelm)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1370295

Title:
  Possible SQL Injection vulnerability in hyperv volumeutils2

Status in OpenStack Compute (Nova):
  In Progress
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  This line:
  https://github.com/openstack/nova/blob/master/nova/virt/hyperv/volumeutilsv2.py#L54
  makes a raw SQL query using input from target_address and target_port.
  If an attacker is able to manipulate either of these parameters, they
  can exploit a SQL injection vulnerability.

  If neither of these parameters can be controlled by an attacker, it's
  probably OK to fix this in public.  These should definitely at least
  be strengthened by using prepared statements, or even better, a secure
  SQL library such as sqlalchemy.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1370295/+subscriptions