OpenStack · OpenStack Vitrage · CVE-2026-28370
**Name of the Vulnerable Software and Affected Versions**
OpenStack Vitrage versions prior to 12.0.1, 13.0.0, 14.0.0, and 15.0.0
**Description**
A flaw exists in the query parser of OpenStack Vitrage that could allow a user with access to the Vitrage API to trigger code execution on the Vitrage service host. The flaw is in the `_create_query_function` function located in `vitrage/graph/query.py`. Successful exploitation could lead to unauthorized access to the host and compromise of the Vitrage service. The issue stems from improper handling of user-supplied input.
**Recommendations**
OpenStack Vitrage versions prior to 12.0.1 should be updated.
OpenStack Vitrage versions prior to 13.0.0 should be updated.
OpenStack Vitrage versions prior to 14.0.0 should be updated.
OpenStack Vitrage versions prior to 15.0.0 should be updated.