CVE-2012-4406: OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached…

critical9.8CVSS 3.1

AVNACLPRNUINSUCHIHAH

OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.

Affected

14 ranges

Vendor	Product	Version range	Fixed in
debian	swift	< swift 1.4.8-2 (bookworm)	swift 1.4.8-2 (bookworm)
fedoraproject	fedora	—	—
openstack	swift	< 1.7.0	1.7.0
openstack	swift	>= 0 < 1.4.8-2	1.4.8-2
openstack	swift	>= 0 < 1.4.8-2	1.4.8-2
openstack	swift	>= 0 < 1.4.8-2	1.4.8-2
openstack	swift	>= 0 < 1.4.8-2	1.4.8-2
openstack	swift	>= 0 < 1.7.0	1.7.0
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	gluster_storage_management_console	—	—
redhat	gluster_storage_server_for_on-premise	—	—
redhat	storage	—	—
redhat	storage_for_public_cloud	—	—

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL