Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/tripleo-heat-templates@0.8.3

Type pypi

Namespace

Name tripleo-heat-templates

Version 0.8.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.0.3

Latest_non_vulnerable_version 11.6.1

Affected_by_vulnerabilities

url VCID-nv7k-zxyu-e3fz

vulnerability_id VCID-nv7k-zxyu-e3fz

summary The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.

references

reference_url

https://access.redhat.com/errata/RHSA-2015:2650

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2015:2650

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5303.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5303.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5303

reference_id

reference_type

scores

value	0.00326
scoring_system	epss
scoring_elements	0.55873
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5303

reference_url

https://bugs.launchpad.net/tripleo/+bug/1516027

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/tripleo/+bug/1516027

reference_url

https://github.com/openstack/tripleo-heat-templates

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/tripleo-heat-templates

reference_url

https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c

reference_url

https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-35.yaml

reference_url

https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/tripleo-heat-templates/commit/1a0c7d97165c1b38dc9f78b82ac6ec8519fcf80c

reference_url

https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/tripleo-heat-templates/commit/293f19b2a41386e1eea47a9e6add24b006c69c42

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1272297
reference_id	1272297
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1272297

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5303

reference_id

CVE-2015-5303

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5303

reference_url	https://github.com/advisories/GHSA-m94p-8942-pm49
reference_id	GHSA-m94p-8942-pm49
reference_type
scores
url	https://github.com/advisories/GHSA-m94p-8942-pm49

fixed_packages

url pkg:pypi/tripleo-heat-templates@0.8.9

purl pkg:pypi/tripleo-heat-templates@0.8.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.9

url pkg:pypi/tripleo-heat-templates@0.8.10

purl pkg:pypi/tripleo-heat-templates@0.8.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.10

aliases CVE-2015-5303, GHSA-m94p-8942-pm49, PYSEC-2016-35

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nv7k-zxyu-e3fz

url VCID-p48m-hmsy-n3d3

vulnerability_id VCID-p48m-hmsy-n3d3

summary The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline when the staticweb middleware is enabled, which might allow remote attackers to obtain sensitive information from private containers via unspecified vectors.

references

reference_url

https://access.redhat.com/errata/RHSA-2015:1862

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2015:1862

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5271.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5271.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5271

reference_id

reference_type

scores

value	0.00342
scoring_system	epss
scoring_elements	0.57128
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5271

reference_url

https://bugs.launchpad.net/tripleo/+bug/1494896

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/tripleo/+bug/1494896

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1261697

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1261697

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/tripleo-heat-templates/PYSEC-2016-34.yaml

reference_url

https://git.openstack.org/cgit/openstack/tripleo-heat-templates

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/tripleo-heat-templates

reference_url

https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476

reference_url

https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpadlibrarian.net/217268516/CVE-2015-5271_puppet-swift.patch

reference_url

https://review.openstack.org/226541

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/226541

reference_url

https://access.redhat.com/security/cve/CVE-2015-5271

reference_id

CVE-2015-5271

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2015-5271

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5271

reference_id

CVE-2015-5271

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5271

reference_url	https://github.com/advisories/GHSA-8936-44gw-7664
reference_id	GHSA-8936-44gw-7664
reference_type
scores
url	https://github.com/advisories/GHSA-8936-44gw-7664

fixed_packages

url pkg:pypi/tripleo-heat-templates@0.8.7

purl pkg:pypi/tripleo-heat-templates@0.8.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-nv7k-zxyu-e3fz

vulnerability	VCID-vxt7-kug2-nkbh

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.7

aliases CVE-2015-5271, GHSA-8936-44gw-7664, PYSEC-2016-34

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p48m-hmsy-n3d3

url VCID-vxt7-kug2-nkbh

vulnerability_id VCID-vxt7-kug2-nkbh

summary A vulnerability was found in openstack-tripleo-heat-templates before version 8.0.2-40. When deployed using Director using default configuration, Opendaylight in RHOSP13 is configured with easily guessable default credentials.

references

reference_url	https://access.redhat.com/errata/RHSA-2018:2214
reference_id
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2018:2214

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10898.json

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10898.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10898

reference_id

reference_type

scores

value	0.00168
scoring_system	epss
scoring_elements	0.37657
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10898

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10898

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1600360
reference_id	1600360
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1600360

fixed_packages

url	pkg:pypi/tripleo-heat-templates@8.0.3
purl	pkg:pypi/tripleo-heat-templates@8.0.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@8.0.3

aliases CVE-2018-10898, PYSEC-2018-102

risk_score 4.0

exploitability 0.5

weighted_severity 7.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vxt7-kug2-nkbh

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tripleo-heat-templates@0.8.3

Package Instance