Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/nova@15.0.1

Type pypi

Namespace

Name nova

Version 15.0.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 15.0.2

Latest_non_vulnerable_version 2015.1.2

Affected_by_vulnerabilities

url VCID-wn3h-y5yh-bbb3

vulnerability_id VCID-wn3h-y5yh-bbb3

summary

OpenStack Nova logs sensitive context from notification exceptions
An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x through 13.1.3, 14.x through 14.0.4, and 15.x through 15.0.1. Legacy notification exception contexts appearing in ERROR level logs may include sensitive information such as account passwords and authorization tokens.

references

reference_url	https://access.redhat.com/errata/RHSA-2017:1508
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1508

reference_url	https://access.redhat.com/errata/RHSA-2017:1595
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:1595

reference_url	https://github.com/openstack/nova
reference_id
reference_type
scores
url	https://github.com/openstack/nova

reference_url	https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a
reference_id
reference_type
scores
url	https://github.com/openstack/nova/commit/3f985f1eda6f29180878a3d21c20c5057179486a

reference_url	https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c
reference_id
reference_type
scores
url	https://github.com/openstack/nova/commit/acb19160d4d348e29a21ad57c61c7369352c4d1c

reference_url	https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a
reference_id
reference_type
scores
url	https://github.com/openstack/nova/commit/c2c91ce44592fc5dc2aacee1cf7f5b5cfd2e9a0a

reference_url	https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598
reference_id
reference_type
scores
url	https://github.com/openstack/nova/commit/e193201fa1de5b08b29adefd8c149935c5529598

reference_url	https://launchpad.net/bugs/1673569
reference_id
reference_type
scores
url	https://launchpad.net/bugs/1673569

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7214
reference_id	CVE-2017-7214
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7214

reference_url	https://github.com/advisories/GHSA-f4g4-cj8f-3cr9
reference_id	GHSA-f4g4-cj8f-3cr9
reference_type
scores
url	https://github.com/advisories/GHSA-f4g4-cj8f-3cr9

fixed_packages

url	pkg:pypi/nova@15.0.2
purl	pkg:pypi/nova@15.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.2

aliases CVE-2017-7214, GHSA-f4g4-cj8f-3cr9

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wn3h-y5yh-bbb3

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/nova@15.0.1

Package Instance