{"id":2888495,"name":"python-muranoclient","ecosystem":"pypi","description":"python-muranoclient","homepage":"https://docs.openstack.org/python-muranoclient/latest/","licenses":"Apache License, Version 2.0","normalized_licenses":["Apache-2.0"],"repository_url":null,"keywords_array":[],"namespace":null,"versions_count":56,"first_release_published_at":"2013-09-09T06:39:17.000Z","latest_release_published_at":"2024-03-01T14:02:38.000Z","latest_release_number":"2.8.0","last_synced_at":"2026-06-16T20:13:37.922Z","created_at":"2022-04-10T12:21:20.384Z","updated_at":"2026-06-17T18:25:22.171Z","registry_url":"https://pypi.org/project/python-muranoclient/","install_command":"pip install python-muranoclient --index-url https://pypi.org/simple","documentation_url":"https://python-muranoclient.readthedocs.io/","metadata":{"funding":null,"documentation":null,"classifiers":["Development Status :: 4 - Beta","Environment :: Console","Environment :: OpenStack","Intended Audience :: Developers","Intended Audience :: Information Technology","Intended Audience :: System Administrators","License :: OSI Approved :: Apache Software License","Operating System :: POSIX :: Linux","Programming Language :: Python","Programming Language :: Python :: 3","Programming Language :: Python :: 3 :: Only","Programming Language :: Python :: 3.6","Programming Language :: Python :: 3.7","Programming Language :: Python :: 3.8","Programming Language :: Python :: Implementation :: CPython"],"normalized_name":"python-muranoclient","project_status":null},"repo_metadata":{},"repo_metadata_updated_at":"2024-10-29T23:10:18.066Z","dependent_packages_count":8,"downloads":30979,"downloads_period":"last-month","dependent_repos_count":60,"rankings":{"downloads":1.9381155763618676,"dependent_repos_count":1.9108316564151386,"dependent_packages_count":1.140981437906509,"stargazers_count":null,"forks_count":null,"docker_downloads_count":0.5842275656614786,"average":1.3935390590862484},"purl":"pkg:pypi/python-muranoclient","advisories":[{"uuid":"GSA_kwCzR0hTQS04N3I3LXE1NGotZjlxZ84AAdKx","url":"https://github.com/advisories/GHSA-87r7-q54j-f9qg","title":"OpenStack Murano Code Execution","description":"OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), Murano-dashboard before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), and python-muranoclient before 0.7.3 (liberty) and 0.8.x before 0.8.5 (mitaka) improperly use loaders inherited from yaml.Loader when parsing MuranoPL and UI files, which allows remote attackers to create arbitrary Python objects and execute arbitrary code via crafted extended YAML tags in UI definitions in packages.","origin":"UNSPECIFIED","severity":"CRITICAL","published_at":"2022-05-17T03:48:22.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":9.3,"cvss_vector":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2016-4972","https://bugs.launchpad.net/murano/+bug/1586079","https://bugs.launchpad.net/python-muranoclient/+bug/1586078","http://www.openwall.com/lists/oss-security/2016/06/23/8","https://github.com/openstack/murano/commit/28de8c36c9dbe4aaf4d062e6fb6099afd437f49b","https://github.com/openstack/murano/blob/c898a310afbc27f12190446ef75d8b0bd12115eb/releasenotes/notes/safeloader-cve-2016-4972-19035a2a091ec30a.yaml","https://github.com/openstack/murano/blob/c898a310afbc27f12190446ef75d8b0bd12115eb/releasenotes/source/locale/en_GB/LC_MESSAGES/releasenotes.po","https://github.com/pypa/advisory-database/tree/main/vulns/python-muranoclient/PYSEC-2016-22.yaml","https://github.com/advisories/GHSA-87r7-q54j-f9qg"],"source_kind":"github","identifiers":["GHSA-87r7-q54j-f9qg","CVE-2016-4972"],"repository_url":"https://github.com/openstack/murano","blast_radius":16.536806628567888,"created_at":"2023-08-01T00:03:53.409Z","updated_at":"2026-06-17T18:08:09.909Z","epss_percentage":0.03928,"epss_percentile":0.88514,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04N3I3LXE1NGotZjlxZ84AAdKx","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS04N3I3LXE1NGotZjlxZ84AAdKx","packages":[{"ecosystem":"pypi","package_name":"python-muranoclient","versions":[{"first_patched_version":"0.8.5","vulnerable_version_range":"\u003e= 0.8.0, \u003c 0.8.5"},{"first_patched_version":"0.7.3","vulnerable_version_range":"\u003c 0.7.3"}],"purl":"pkg:pypi/python-muranoclient","statistics":{"dependent_packages_count":8,"dependent_repos_count":60,"downloads":30979,"downloads_period":"last-month"},"affected_versions":["0.2.11","0.2.12","0.4.1","0.5.0","0.5.1","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.2","0.6.3","0.7.0","0.7.1","0.7.2","0.8.0","0.8.1","0.8.2","0.8.3","0.8.4"],"unaffected_versions":["0.7.3","0.8.5","0.8.6","0.9.0","0.10.0","0.11.0","0.11.1","0.12.0","0.13.0","0.14.0","0.14.1","1.0.0","1.0.1","1.1.0","1.1.1","1.2.0","1.3.0","2.0.0","2.0.1","2.1.0","2.1.1","2.2.0","2.3.0","2.4.0","2.4.1","2.5.0","2.6.0","2.7.0","2.8.0"]},{"ecosystem":"pypi","package_name":"murano-dashboard","versions":[{"first_patched_version":"2.0.1","vulnerable_version_range":"\u003e= 2.0.0, \u003c 2.0.1"},{"first_patched_version":"1.0.3","vulnerable_version_range":"\u003c 1.0.3"}],"purl":"pkg:pypi/murano-dashboard","statistics":{"dependent_packages_count":0,"dependent_repos_count":6,"downloads":93,"downloads_period":"last-month"},"affected_versions":["1.0.0","1.0.0.0b1","1.0.0.0b2","1.0.0.0b3","1.0.0.0rc1","1.0.1","1.0.2","2.0.0"],"unaffected_versions":["1.0.3","2.0.0.0b1","2.0.0.0b2","2.0.0.0b3","2.0.0.0rc1","2.0.0.0rc2","2.0.1","2.0.2","3.0.0","3.0.0.0b1","3.0.0.0b2","3.0.0.0b3","3.0.0.0rc1","3.0.0.0rc2","3.1.0","3.2.0","4.0.0","4.0.0.0b1","4.0.0.0b2","4.0.0.0b3","4.0.0.0rc1","4.0.0.0rc2","4.0.1","5.0.0","5.0.0.0b1","5.0.0.0b2","5.0.0.0b3","5.0.0.0rc1","5.0.0.0rc2","6.0.0","6.0.0.0b1","6.0.0.0b3","6.0.0.0rc1","7.0.0","7.0.0.0rc1","8.0.0","8.0.0.0rc1","8.0.0.0rc2","9.0.0","9.0.0.0rc1","10.0.0","10.0.0.0rc1","11.0.0","11.0.0.0rc1","12.0.0","12.0.0.0rc1","13.0.0","13.0.0.0rc1","14.0.0","14.0.0.0rc1","15.0.0","15.0.0.0rc1","16.0.0","16.0.0.0rc1","2014.2.1","2014.2.2","2014.2.4","2015.1.0","2015.1.0b1","2015.1.0b2","2015.1.0b3","2015.1.0rc1","2015.1.1"]},{"ecosystem":"pypi","package_name":"murano","versions":[{"first_patched_version":"1.0.3","vulnerable_version_range":"\u003c 1.0.3"}],"purl":"pkg:pypi/murano","statistics":{"dependent_packages_count":0,"dependent_repos_count":3,"downloads":330,"downloads_period":"last-month"},"affected_versions":["1.0.0","1.0.0.0b1","1.0.0.0b2","1.0.0.0b3","1.0.0.0rc1","1.0.1","1.0.2"],"unaffected_versions":["1.0.3","2.0.0","2.0.0.0b1","2.0.0.0b2","2.0.0.0b3","2.0.0.0rc1","2.0.0.0rc2","2.0.0.0rc3","2.0.1","2.0.2","3.0.0","3.0.0.0b1","3.0.0.0b2","3.0.0.0b3","3.0.0.0rc1","3.0.0.0rc2","3.1.0","3.2.0","4.0.0","4.0.0.0b1","4.0.0.0b2","4.0.0.0b3","4.0.0.0rc1","4.0.0.0rc2","4.0.1","7.0.0","7.0.0.0rc1","7.0.0.0rc2","7.1.0","8.0.0","8.0.0.0rc1","8.1.0","8.1.1","9.0.0","9.0.0.0rc1","9.0.0.0rc2","10.0.0","10.0.0.0rc1","11.0.0","11.0.0.0rc1","12.0.0","12.0.0.0rc1","13.0.0","13.0.0.0rc1","13.0.0.0rc2","14.0.0","14.0.0.0rc1","15.0.0","15.0.0.0rc1","16.0.0","16.0.0.0rc1","2014.2.1","2014.2.2","2014.2.4","2015.1.0","2015.1.0b1","2015.1.0b2","2015.1.0b3","2015.1.0rc1","2015.1.0rc2","2015.1.1"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04N3I3LXE1NGotZjlxZ84AAdKx/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/pypi/python-muranoclient","docker_dependents_count":22,"docker_downloads_count":654,"usage_url":"https://repos.ecosyste.ms/usage/pypi/python-muranoclient","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/pypi/python-muranoclient/dependencies","status":null,"funding_links":[],"critical":null,"issue_metadata":null,"versions_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-muranoclient/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-muranoclient/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-muranoclient/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-muranoclient/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-muranoclient/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/packages/python-muranoclient/codemeta","maintainers":[{"uuid":"openstackci","login":"openstackci","name":null,"email":null,"url":null,"packages_count":741,"html_url":"https://pypi.org/user/openstackci/","role":null,"created_at":"2023-02-24T11:20:06.237Z","updated_at":"2023-02-24T11:20:06.237Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/openstackci/packages"},{"uuid":"murano-pypi","login":"murano-pypi","name":null,"email":null,"url":null,"packages_count":7,"html_url":"https://pypi.org/user/murano-pypi/","role":null,"created_at":"2023-02-24T11:20:06.124Z","updated_at":"2023-02-24T11:20:06.124Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/pypi.org/maintainers/murano-pypi/packages"}]}