Comment 0 for bug 1586136

Reporter: Kirill Zaitsev
Products: OpenStack Murano
Affects: >=2014.2

Description:
Kirill Zaitsev from Mirantis reported a vulnerability in OpenStack Murano applications processing. Using extended YAML tags in Murano application YAML files, an attacker can perform a Remote Code Execution attack.

[python-muranoclient] https://bugs.launchpad.net/python-muranoclient/+bug/1586078
[murano] https://bugs.launchpad.net/murano/+bug/1586079