CVE-2015-5306: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

July 5, 2019 (updated September 21, 2021)

OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.

References

rhn.redhat.com/errata/RHSA-2015-2685.html
access.redhat.com/errata/RHSA-2015:1929
bugs.launchpad.net/ironic-inspector/+bug/1506419
bugzilla.redhat.com/show_bug.cgi?id=1273698
github.com/advisories/GHSA-x64g-wjmw-w328
nvd.nist.gov/vuln/detail/CVE-2015-5306

Code Behaviors & Features

Detect and mitigate CVE-2015-5306 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →