Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/nova@2014.1.1-8?distro=trixie

Type deb

Namespace debian

Name nova

Version 2014.1.1-8

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2014.1.3-1

Latest_non_vulnerable_version 2:33.0.1-2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-q2pf-qwnc-5qa2

vulnerability_id VCID-q2pf-qwnc-5qa2

summary

Exposure of Sensitive Information to an Unauthorized Actor
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.

references

reference_url

https://access.redhat.com/errata/RHSA-2014:0940

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:0940

reference_url

https://access.redhat.com/errata/RHSA-2014:1084

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2014:1084

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3517

reference_id

reference_type

scores

value	0.00398
scoring_system	epss
scoring_elements	0.60899
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3517

reference_url

https://bugs.launchpad.net/nova/+bug/1325128

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/nova/+bug/1325128

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1112499

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1112499

reference_url

https://opendev.org/openstack/nova

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/nova

reference_url

http://www.openwall.com/lists/oss-security/2014/07/17/2

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2014/07/17/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042
reference_id	755042
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755042

reference_url

https://access.redhat.com/security/cve/CVE-2014-3517

reference_id

CVE-2014-3517

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2014-3517

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3517

reference_id

CVE-2014-3517

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3517

reference_url	https://github.com/advisories/GHSA-xjmj-p278-4jp5
reference_id	GHSA-xjmj-p278-4jp5
reference_type
scores
url	https://github.com/advisories/GHSA-xjmj-p278-4jp5

reference_url	https://usn.ubuntu.com/2325-1/
reference_id	USN-2325-1
reference_type
scores
url	https://usn.ubuntu.com/2325-1/

fixed_packages

url	pkg:deb/debian/nova@2014.1.1-8?distro=trixie
purl	pkg:deb/debian/nova@2014.1.1-8?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-8%3Fdistro=trixie

url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajec-k7qb-6yek

vulnerability	VCID-fpvj-5qws-tydy

vulnerability	VCID-rk1s-qbb6-2yh5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie
purl	pkg:deb/debian/nova@2:26.2.2-1~deb12u4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u4%3Fdistro=trixie

url	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.1-2?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.1-2%3Fdistro=trixie

aliases CVE-2014-3517, GHSA-xjmj-p278-4jp5

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2pf-qwnc-5qa2

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2014.1.1-8%3Fdistro=trixie

Package Instance