CVE-2018-16848
MEDIUMOpenStack Mistral <= 7.0.3 - Denial of Service via Nested Anchors in Workflow YAML
Title source: llmDescription
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.
References (2)
Core 2
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1645332
Third Party Advisory x_refsource_misc
https://bugs.launchpad.net/mistral/+bug/1785657
Scores
CVSS v3
6.5
EPSS
0.0029
EPSS Percentile
52.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-400
Status
published
Products (2)
pypi/mistral
0 - 10.0.0PyPI
redhat/openstack-mistral
< 7.0.3
Published
Jun 15, 2020
Tracked Since
Feb 18, 2026