VYPR

Rucio

by Rucio

pypi: rucio

Source repositories

CVEs (9)

  • CVE-2026-29090HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    ### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database…

  • CVE-2026-29080HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids//dids/search`). On Oracle deployments attacker-controlled filter keys…

  • CVE-2025-54064MedJul 17, 2025
    risk 0.45cvss epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the `rucio-server`, `rucio-ui`, and `rucio-webui` define the log format for the apache access…

  • CVE-2026-25736Feb 25, 2026
    risk 0.00cvss epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom RSE Attribute…

  • CVE-2026-25735Feb 25, 2026
    risk 0.00cvss epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Identity Name of the…

  • CVE-2026-25734Feb 25, 2026
    risk 0.00cvss epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the RSE metadata of the…

  • CVE-2026-25733Feb 25, 2026
    risk 0.00cvss epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Versions prior to 35.8.3, 38.5.4, and 39.3.1 have a stored Cross-Site Scripting (XSS) vulnerability in the Custom Rules…

  • CVE-2026-25138Feb 25, 2026
    risk 0.00cvss epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a…

  • CVE-2026-25136Feb 25, 2026
    risk 0.00cvss epss 0.00

    Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of…