Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/glance@20.2.0
Typepypi
Namespace
Nameglance
Version20.2.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version29.2.0
Latest_non_vulnerable_version31.1.0
Affected_by_vulnerabilities
0
url VCID-3hv9-1384-6kh3
vulnerability_id VCID-3hv9-1384-6kh3
summary 
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
An issue was discovered in OpenStack Cinder through 24.0.0, Glance before 28.0.2, and Nova before 29.0.3. Arbitrary file access can occur via custom QCOW2 external data. By supplying a crafted QCOW2 image that references a specific data file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. All Cinder and Nova deployments are affected; only Glance deployments with image conversion enabled are affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-32498.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
reference_id
reference_type
scores
0
value 0.00214
scoring_system epss
scoring_elements 0.44029
published_at 2026-06-06T12:55:00Z
1
value 0.00214
scoring_system epss
scoring_elements 0.43968
published_at 2026-06-08T12:55:00Z
2
value 0.00214
scoring_system epss
scoring_elements 0.44004
published_at 2026-06-07T12:55:00Z
3
value 0.00214
scoring_system epss
scoring_elements 0.44021
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32498
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32498
3
reference_url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/78f85c1f9b20a067ef64d6451dee0228c3a0db5e
4
reference_url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/cinder/commit/d6a186945e03649343af55b46ed8dfe0dd326e40
5
reference_url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/22f0c9c6f98db1d93569e3edb800c271f35b0ef9
6
reference_url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/2e65391744a82421bc6f026ee8f1f3550038f175
7
reference_url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/867d1dd8b6e4f5774257a98c7c33061fbbbde973
8
reference_url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/cc7d53adbecf85f3d7df78e7618fe8ab3a075c5f
9
reference_url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance/commit/d607e78630cc9d1ca18b3a027322809c042f64df
10
reference_url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/nova/commit/657e86585cc57f84ab9b364dd189547d231d5927
11
reference_url https://launchpad.net/bugs/2059809
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://launchpad.net/bugs/2059809
12
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00016.html
13
reference_url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2024/09/msg00017.html
14
reference_url https://security.openstack.org/ossa/OSSA-2024-001.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://security.openstack.org/ossa/OSSA-2024-001.html
15
reference_url https://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url https://www.openwall.com/lists/oss-security/2024/07/02/2
16
reference_url http://www.openwall.com/lists/oss-security/2024/07/02/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T15:32:53Z/
url http://www.openwall.com/lists/oss-security/2024/07/02/2
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
reference_id 1074761
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074761
18
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
reference_id 1074762
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074762
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
reference_id 1074763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1074763
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
reference_id 2278663
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2278663
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
reference_id CVE-2024-32498
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32498
22
reference_url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
reference_id GHSA-r4v4-w9pv-6fph
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4v4-w9pv-6fph
23
reference_url https://access.redhat.com/errata/RHSA-2024:4272
reference_id RHSA-2024:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4272
24
reference_url https://access.redhat.com/errata/RHSA-2024:4273
reference_id RHSA-2024:4273
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4273
25
reference_url https://access.redhat.com/errata/RHSA-2024:4274
reference_id RHSA-2024:4274
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4274
26
reference_url https://access.redhat.com/errata/RHSA-2024:4425
reference_id RHSA-2024:4425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4425
27
reference_url https://usn.ubuntu.com/6882-1/
reference_id USN-6882-1
reference_type
scores
url https://usn.ubuntu.com/6882-1/
28
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
29
reference_url https://usn.ubuntu.com/6883-1/
reference_id USN-6883-1
reference_type
scores
url https://usn.ubuntu.com/6883-1/
30
reference_url https://usn.ubuntu.com/6884-1/
reference_id USN-6884-1
reference_type
scores
url https://usn.ubuntu.com/6884-1/
31
reference_url https://usn.ubuntu.com/8199-1/
reference_id USN-8199-1
reference_type
scores
url https://usn.ubuntu.com/8199-1/
fixed_packages
0
url pkg:pypi/glance@29.0.0.0b1
purl pkg:pypi/glance@29.0.0.0b1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n35v-zaqr-5bd7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@29.0.0.0b1
aliases CVE-2024-32498, GHSA-r4v4-w9pv-6fph
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3hv9-1384-6kh3
1
url VCID-6e9z-82qh-k7du
vulnerability_id VCID-6e9z-82qh-k7du
summary 
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47951.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
reference_id
reference_type
scores
0
value 0.00615
scoring_system epss
scoring_elements 0.703
published_at 2026-06-08T12:55:00Z
1
value 0.00615
scoring_system epss
scoring_elements 0.70279
published_at 2026-06-04T12:55:00Z
2
value 0.00615
scoring_system epss
scoring_elements 0.70321
published_at 2026-06-05T12:55:00Z
3
value 0.00615
scoring_system epss
scoring_elements 0.7033
published_at 2026-06-06T12:55:00Z
4
value 0.00615
scoring_system epss
scoring_elements 0.70312
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-47951
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47951
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://launchpad.net/bugs/1996188
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://launchpad.net/bugs/1996188
5
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html
6
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html
7
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html
8
reference_url https://security.openstack.org/ossa/OSSA-2023-002.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://security.openstack.org/ossa/OSSA-2023-002.html
9
reference_url https://www.debian.org/security/2023/dsa-5336
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5336
10
reference_url https://www.debian.org/security/2023/dsa-5337
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5337
11
reference_url https://www.debian.org/security/2023/dsa-5338
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-31T16:49:04Z/
url https://www.debian.org/security/2023/dsa-5338
12
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
reference_id 1029561
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029561
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
reference_id 1029562
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029562
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
reference_id 1029563
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029563
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
reference_id 2161812
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2161812
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
reference_id CVE-2022-47951
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-47951
17
reference_url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
reference_id GHSA-7h75-hwxx-qpgc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7h75-hwxx-qpgc
18
reference_url https://access.redhat.com/errata/RHSA-2023:1015
reference_id RHSA-2023:1015
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1015
19
reference_url https://access.redhat.com/errata/RHSA-2023:1016
reference_id RHSA-2023:1016
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1016
20
reference_url https://access.redhat.com/errata/RHSA-2023:1017
reference_id RHSA-2023:1017
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1017
21
reference_url https://access.redhat.com/errata/RHSA-2023:1278
reference_id RHSA-2023:1278
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1278
22
reference_url https://access.redhat.com/errata/RHSA-2023:1279
reference_id RHSA-2023:1279
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1279
23
reference_url https://access.redhat.com/errata/RHSA-2023:1280
reference_id RHSA-2023:1280
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1280
24
reference_url https://usn.ubuntu.com/5835-1/
reference_id USN-5835-1
reference_type
scores
url https://usn.ubuntu.com/5835-1/
25
reference_url https://usn.ubuntu.com/5835-2/
reference_id USN-5835-2
reference_type
scores
url https://usn.ubuntu.com/5835-2/
26
reference_url https://usn.ubuntu.com/5835-3/
reference_id USN-5835-3
reference_type
scores
url https://usn.ubuntu.com/5835-3/
27
reference_url https://usn.ubuntu.com/5835-4/
reference_id USN-5835-4
reference_type
scores
url https://usn.ubuntu.com/5835-4/
28
reference_url https://usn.ubuntu.com/5835-5/
reference_id USN-5835-5
reference_type
scores
url https://usn.ubuntu.com/5835-5/
29
reference_url https://usn.ubuntu.com/6882-2/
reference_id USN-6882-2
reference_type
scores
url https://usn.ubuntu.com/6882-2/
fixed_packages
0
url pkg:pypi/glance@23.0.1
purl pkg:pypi/glance@23.0.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@23.0.1
1
url pkg:pypi/glance@24.0.0.0rc1
purl pkg:pypi/glance@24.0.0.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-8kuv-b82r-gkef
2
vulnerability VCID-f3dt-ffh1-vyev
3
vulnerability VCID-n35v-zaqr-5bd7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@24.0.0.0rc1
2
url pkg:pypi/glance@24.1.1
purl pkg:pypi/glance@24.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@24.1.1
3
url pkg:pypi/glance@25.0.0.0b2
purl pkg:pypi/glance@25.0.0.0b2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-f3dt-ffh1-vyev
2
vulnerability VCID-n35v-zaqr-5bd7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@25.0.0.0b2
aliases CVE-2022-47951, GHSA-7h75-hwxx-qpgc
risk_score 3.5
exploitability 0.5
weighted_severity 6.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6e9z-82qh-k7du
2
url VCID-8kuv-b82r-gkef
vulnerability_id VCID-8kuv-b82r-gkef
summary OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
references
0
reference_url http://rhn.redhat.com/errata/RHSA-2015-1897.html
reference_id
reference_type
scores
url http://rhn.redhat.com/errata/RHSA-2015-1897.html
1
reference_url https://access.redhat.com/errata/RHSA-2015:1897
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2015:1897
2
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5286.json
3
reference_url https://access.redhat.com/security/cve/CVE-2015-5286
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/security/cve/CVE-2015-5286
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5286
reference_id
reference_type
scores
0
value 0.00328
scoring_system epss
scoring_elements 0.55955
published_at 2026-06-04T12:55:00Z
1
value 0.00328
scoring_system epss
scoring_elements 0.56002
published_at 2026-06-07T12:55:00Z
2
value 0.00328
scoring_system epss
scoring_elements 0.56015
published_at 2026-06-06T12:55:00Z
3
value 0.00328
scoring_system epss
scoring_elements 0.5601
published_at 2026-06-05T12:55:00Z
4
value 0.00328
scoring_system epss
scoring_elements 0.55986
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5286
5
reference_url https://bugs.launchpad.net/bugs/1498163
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugs.launchpad.net/bugs/1498163
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1267516
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1267516
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5286
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5286
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5286
9
reference_url https://opendev.org/openstack/glance
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://opendev.org/openstack/glance
10
reference_url https://rhn.redhat.com/errata/RHSA-2015-1897.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://rhn.redhat.com/errata/RHSA-2015-1897.html
11
reference_url https://security.openstack.org/ossa/OSSA-2015-020.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.openstack.org/ossa/OSSA-2015-020.html
12
reference_url https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228024859/http://www.securityfocus.com/bid/76943
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741
reference_id 800741
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800741
14
reference_url https://github.com/advisories/GHSA-gvjg-r9fv-7qx9
reference_id GHSA-gvjg-r9fv-7qx9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvjg-r9fv-7qx9
15
reference_url https://usn.ubuntu.com/3446-1/
reference_id USN-3446-1
reference_type
scores
url https://usn.ubuntu.com/3446-1/
fixed_packages
0
url pkg:pypi/glance@2014.2.4
purl pkg:pypi/glance@2014.2.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@2014.2.4
1
url pkg:pypi/glance@2015.1.2
purl pkg:pypi/glance@2015.1.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@2015.1.2
aliases CVE-2015-5286, GHSA-gvjg-r9fv-7qx9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kuv-b82r-gkef
3
url VCID-f3dt-ffh1-vyev
vulnerability_id VCID-f3dt-ffh1-vyev
summary A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4134.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-4134.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-4134
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.21936
published_at 2026-06-04T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.22004
published_at 2026-06-06T12:55:00Z
2
value 0.00072
scoring_system epss
scoring_elements 0.21896
published_at 2026-06-08T12:55:00Z
3
value 0.00072
scoring_system epss
scoring_elements 0.21955
published_at 2026-06-07T12:55:00Z
4
value 0.00072
scoring_system epss
scoring_elements 0.22017
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-4134
2
reference_url https://bugs.launchpad.net/glance/+bug/1990157
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T19:53:36Z/
url https://bugs.launchpad.net/glance/+bug/1990157
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2147462
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T19:53:36Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2147462
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/openstack/glance
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2023-270.yaml
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2023-270.yaml
7
reference_url https://wiki.openstack.org/wiki/OSSN/OSSN-0090
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T19:53:36Z/
url https://wiki.openstack.org/wiki/OSSN/OSSN-0090
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-0757
reference_id CVE-2016-0757
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-0757
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-4134
reference_id CVE-2022-4134
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-4134
10
reference_url https://github.com/advisories/GHSA-5gp5-vxj6-4257
reference_id GHSA-5gp5-vxj6-4257
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5gp5-vxj6-4257
fixed_packages
0
url pkg:pypi/glance@26.0.0.0b2
purl pkg:pypi/glance@26.0.0.0b2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3hv9-1384-6kh3
1
vulnerability VCID-n35v-zaqr-5bd7
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@26.0.0.0b2
aliases CVE-2022-4134, GHSA-5gp5-vxj6-4257, PYSEC-2023-270
risk_score 2.1
exploitability 0.5
weighted_severity 4.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f3dt-ffh1-vyev
4
url VCID-n35v-zaqr-5bd7
vulnerability_id VCID-n35v-zaqr-5bd7
summary OpenStack Glance: OpenStack Glance: Server-Side Request Forgery via HTTP redirects in image import
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34881.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34881.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34881
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.1297
published_at 2026-06-05T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12973
published_at 2026-06-06T12:55:00Z
2
value 0.00048
scoring_system epss
scoring_elements 0.15248
published_at 2026-06-08T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15332
published_at 2026-06-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34881
2
reference_url https://bugs.launchpad.net/glance/+bug/2138602
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:47:30Z/
url https://bugs.launchpad.net/glance/+bug/2138602
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34881
4
reference_url https://github.com/openstack/glance
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/openstack/glance
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34881
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34881
6
reference_url https://security.openstack.org/ossa/OSSA-2026-004.html
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:47:30Z/
url https://security.openstack.org/ossa/OSSA-2026-004.html
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131274
reference_id 1131274
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131274
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2453289
reference_id 2453289
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2453289
9
reference_url https://github.com/advisories/GHSA-mc26-q38v-83gv
reference_id GHSA-mc26-q38v-83gv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mc26-q38v-83gv
10
reference_url https://usn.ubuntu.com/8199-1/
reference_id USN-8199-1
reference_type
scores
url https://usn.ubuntu.com/8199-1/
fixed_packages
0
url pkg:pypi/glance@29.2.0
purl pkg:pypi/glance@29.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@29.2.0
1
url pkg:pypi/glance@30.2.0
purl pkg:pypi/glance@30.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@30.2.0
2
url pkg:pypi/glance@31.1.0
purl pkg:pypi/glance@31.1.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/glance@31.1.0
aliases CVE-2026-34881, GHSA-mc26-q38v-83gv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n35v-zaqr-5bd7
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/glance@20.2.0