Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/swift@2.23.0

Type pypi

Namespace

Name swift

Version 2.23.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.28.1

Latest_non_vulnerable_version 2.30.1

Affected_by_vulnerabilities

url VCID-qsxb-qjb1-mqfd

vulnerability_id VCID-qsxb-qjb1-mqfd

summary

OpenStack Swift XML external entities (XXE) Injection
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47950.json

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47950.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-47950

reference_id

reference_type

scores

value	0.00234
scoring_system	epss
scoring_elements	0.46286
published_at	2026-04-21T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46342
published_at	2026-04-18T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46346
published_at	2026-04-16T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46289
published_at	2026-04-13T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.4628
published_at	2026-04-12T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46308
published_at	2026-04-11T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46283
published_at	2026-04-08T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46227
published_at	2026-04-07T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46281
published_at	2026-04-04T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46261
published_at	2026-04-02T12:55:00Z

value	0.00234
scoring_system	epss
scoring_elements	0.46284
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-47950

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47950
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47950

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/openstack/swift

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift

reference_url

https://github.com/openstack/swift/commit/12e54391861e7d182d58f89fb88b027e65842640

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/12e54391861e7d182d58f89fb88b027e65842640

reference_url

https://github.com/openstack/swift/commit/7d13d1a82e1f5d01205a13184907501b4fcbe2b0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/7d13d1a82e1f5d01205a13184907501b4fcbe2b0

reference_url

https://github.com/openstack/swift/commit/8dd96470a859dc7b189404fb67bd3899ae9c617f

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/8dd96470a859dc7b189404fb67bd3899ae9c617f

reference_url

https://github.com/openstack/swift/commit/b8467e190f6fc67fd8fb6a8c5e32b2aa6a10fd8e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/b8467e190f6fc67fd8fb6a8c5e32b2aa6a10fd8e

reference_url

https://github.com/openstack/swift/commit/baa98848451b5c234443a068691e12841a5a8383

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/baa98848451b5c234443a068691e12841a5a8383

reference_url

https://github.com/openstack/swift/commit/c834e7a53d5a33a3fd13ffd954e6f4f4ee953dfc

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/c834e7a53d5a33a3fd13ffd954e6f4f4ee953dfc

reference_url

https://github.com/openstack/swift/commit/d8d04ef43c90079d436b2e49617b4425ba39c28e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/d8d04ef43c90079d436b2e49617b4425ba39c28e

reference_url

https://github.com/openstack/swift/commit/f10672514217adadfc776d9ea2ffb20a37ce073b

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/swift/commit/f10672514217adadfc776d9ea2ffb20a37ce073b

reference_url

https://launchpad.net/bugs/1998625

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/

url

https://launchpad.net/bugs/1998625

reference_url

https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/

url

https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html

reference_url

https://security.openstack.org/ossa/OSSA-2023-001.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/

url

https://security.openstack.org/ossa/OSSA-2023-001.html

reference_url

https://www.debian.org/security/2023/dsa-5327

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/

url

https://www.debian.org/security/2023/dsa-5327

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029154
reference_id	1029154
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029154

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2160618
reference_id	2160618
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2160618

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-47950

reference_id

CVE-2022-47950

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-47950

reference_url

https://github.com/advisories/GHSA-274c-rx2j-2v3x

reference_id

GHSA-274c-rx2j-2v3x

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-274c-rx2j-2v3x

reference_url	https://access.redhat.com/errata/RHSA-2023:1013
reference_id	RHSA-2023:1013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1013

reference_url	https://access.redhat.com/errata/RHSA-2023:1277
reference_id	RHSA-2023:1277
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1277

reference_url	https://usn.ubuntu.com/5852-1/
reference_id	USN-5852-1
reference_type
scores
url	https://usn.ubuntu.com/5852-1/

fixed_packages

url	pkg:pypi/swift@2.28.1
purl	pkg:pypi/swift@2.28.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.28.1

url	pkg:pypi/swift@2.29.2
purl	pkg:pypi/swift@2.29.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.29.2

url	pkg:pypi/swift@2.30.1
purl	pkg:pypi/swift@2.30.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.30.1

aliases CVE-2022-47950, GHSA-274c-rx2j-2v3x

risk_score 3.5

exploitability 0.5

weighted_severity 6.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsxb-qjb1-mqfd

Fixing_vulnerabilities

Risk_score 3.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.23.0

Package Instance