A vulnerability in open build service allows remote malicious users to upload arbitrary RPM files. Affected releases are SUSE open build service before 2.1.16.
opensuse open build service