Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04aDIyLTZxd3gtcTR3Oc4AA_9g

OpenStack Ironic fails to verify checksums of supplied image_source URLs

In OpenStack Ironic before 21.4.4, 22.x and 23.x before 23.0.3, 23.x and 24.x before 24.1.3, and 25.x and 26.x before 26.1.0, there is a lack of checksum validation of supplied image_source URLs when configured to convert images to a raw format for streaming.

Permalink: https://github.com/advisories/GHSA-8h22-6qwx-q4w9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04aDIyLTZxd3gtcTR3Oc4AA_9g
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 17 days ago
Updated: 17 days ago


Identifiers: GHSA-8h22-6qwx-q4w9, CVE-2024-47211
References: Repository: https://github.com/openstack/ironic
Blast Radius: 0.0

Affected Packages

pypi:ironic
Dependent packages: 0
Dependent repositories: 7
Downloads: 4,780 last month
Affected Version Ranges: <= 21.4.3; >= 22.0.0, < 23.0.3; >= 23.1.0, < 24.1.3; >= 25.0.0, < 26.1.1
Fixed in: 23.0.3, 24.1.3, 26.1.1
All affected versions: 9.1.6, 9.1.7, 10.1.7, 10.1.8, 10.1.9, 10.1.10, 11.1.1, 11.1.2, 11.1.3, 11.1.4, 12.0.0, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.0, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 14.0.0, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.2.0, 16.0.0, 16.0.1, 16.0.2, 16.0.3, 16.0.4, 16.0.5, 16.1.0, 16.2.0, 17.0.0, 17.0.1, 17.0.2, 17.0.3, 17.0.4, 17.1.0, 18.0.0, 18.1.0, 18.2.0, 18.2.1, 18.2.2, 18.3.0, 19.0.0, 20.0.0, 20.1.0, 20.1.1, 20.1.2, 20.1.3, 20.2.0, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.3.0, 21.4.0, 21.4.1, 21.4.2, 21.4.3, 22.0.0, 22.1.0, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 24.0.0, 24.1.0, 24.1.1, 24.1.2, 25.0.0, 26.0.0, 26.1.0
All unaffected versions: 23.0.3, 24.1.3, 26.1.1