Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openstack-neutron@1:15.2.1-1.20220112133420?arch=el8ost

Type rpm

Namespace redhat

Name openstack-neutron

Version 1:15.2.1-1.20220112133420

Qualifiers

arch	el8ost

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-69mn-brsx-xydy

vulnerability_id

VCID-69mn-brsx-xydy

summary

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40797.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-40797

reference_id

reference_type

scores

value	0.00694
scoring_system	epss
scoring_elements	0.72273
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-40797

reference_url

https://github.com/openstack/neutron

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron

reference_url

https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml

reference_url

https://launchpad.net/bugs/1942179

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1942179

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-40797

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-40797

reference_url

https://security.openstack.org/ossa/OSSA-2021-006.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2021-006.html

reference_url

http://www.openwall.com/lists/oss-security/2021/09/09/2

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2021/09/09/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2003248
reference_id	2003248
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2003248

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202
reference_id	994202
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994202

reference_url	https://access.redhat.com/errata/RHSA-2022:0990
reference_id	RHSA-2022:0990
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0990

reference_url	https://access.redhat.com/errata/RHSA-2022:0996
reference_id	RHSA-2022:0996
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0996

fixed_packages

aliases

CVE-2021-40797, GHSA-cpx3-696p-3cw9, PYSEC-2021-329

risk_score

4.0

exploitability

0.5

weighted_severity

8.0

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-69mn-brsx-xydy

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openstack-neutron@1:15.2.1-1.20220112133420%3Farch=el8ost

Package Instance