VYPR

PyPI package

rucio

pkg:pypi/rucio

Vulnerabilities (2)

  • CVE-2026-29090HigMay 6, 2026
    affected >= 1.30.0, < 35.8.5fixed 35.8.5

    ### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database th

  • CVE-2026-29080HigMay 6, 2026
    affected >= 1.27.0, < 35.8.5fixed 35.8.5

    A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids//dids/search`). On Oracle deployments attacker-controlled filter keys a