VYPR

Rucio

by Cern

pypi: rucio

Source repositories

CVEs (2)

  • CVE-2026-29090HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    ### Summary A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticated Rucio user to execute arbitrary SQL against the PostgreSQL metadata database…

  • CVE-2026-29080HigMay 6, 2026
    risk 0.50cvss 8.8epss 0.00

    A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /dids//dids/search`). On Oracle deployments attacker-controlled filter keys…