Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openstack-neutron@1:15.3.5-2.20220113150031?arch=el8ost

Type rpm

Namespace redhat

Name openstack-neutron

Version 1:15.3.5-2.20220113150031

Qualifiers

arch	el8ost

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-wv6g-4622-tqdw

vulnerability_id

VCID-wv6g-4622-tqdw

summary

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40797

reference_id

reference_type

scores

value	0.00384
scoring_system	epss
scoring_elements	0.59706
published_at	2026-04-21T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59722
published_at	2026-04-18T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59714
published_at	2026-04-16T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59682
published_at	2026-04-13T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.597
published_at	2026-04-12T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59717
published_at	2026-04-11T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59684
published_at	2026-04-08T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59632
published_at	2026-04-07T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59663
published_at	2026-04-04T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59638
published_at	2026-04-02T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59697
published_at	2026-04-09T12:55:00Z

value	0.00384
scoring_system	epss
scoring_elements	0.59564
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40797

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40797
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40797

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/neutron

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron

reference_url

https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml

reference_url

https://launchpad.net/bugs/1942179

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1942179

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-40797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-40797

reference_url

https://security.openstack.org/ossa/OSSA-2021-006.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-006.html

reference_url

http://www.openwall.com/lists/oss-security/2021/09/09/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/09/09/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2003248
reference_id	2003248
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2003248

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202
reference_id	994202
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202

reference_url

https://github.com/advisories/GHSA-cpx3-696p-3cw9

reference_id

GHSA-cpx3-696p-3cw9

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cpx3-696p-3cw9

reference_url	https://access.redhat.com/errata/RHSA-2022:0990
reference_id	RHSA-2022:0990
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0990

reference_url	https://access.redhat.com/errata/RHSA-2022:0996
reference_id	RHSA-2022:0996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0996

reference_url	https://usn.ubuntu.com/6067-1/
reference_id	USN-6067-1
reference_type
scores
url	https://usn.ubuntu.com/6067-1/

fixed_packages

aliases

CVE-2021-40797, GHSA-cpx3-696p-3cw9, PYSEC-2021-329

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-wv6g-4622-tqdw

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-neutron@1:15.3.5-2.20220113150031%3Farch=el8ost

Package Instance