Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/nova@2013.1.3-1?distro=trixie

Type deb

Namespace debian

Name nova

Version 2013.1.3-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2013.2-1

Latest_non_vulnerable_version 2:33.0.0-4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-7wvt-bvww-g7ck

vulnerability_id VCID-7wvt-bvww-g7ck

summary

OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id.  NOTE: this issue is due to an incomplete fix for CVE-2013-2256.

references

reference_url

http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://lists.openstack.org/pipermail/openstack-announce/2013-August/000138.html

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1199.html

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1199.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4278.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4278

reference_id

reference_type

scores

value	0.00201
scoring_system	epss
scoring_elements	0.42242
published_at	2026-04-18T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42266
published_at	2026-04-16T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42216
published_at	2026-04-13T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42258
published_at	2026-04-09T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42174
published_at	2026-04-21T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.4228
published_at	2026-04-11T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.4217
published_at	2026-04-01T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42228
published_at	2026-04-02T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42244
published_at	2026-04-12T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42257
published_at	2026-04-04T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42199
published_at	2026-04-07T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.4225
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4278

reference_url

https://bugs.launchpad.net/ossa/+bug/1212179

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/ossa/+bug/1212179

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4278

reference_url

https://github.com/openstack/nova

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova

reference_url

https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/4054cc4a22a1fea997dec76afb5646fd6c6ea6b9

reference_url

https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/6825959560e06725d26625fd21f5c0b78b305492

reference_url

https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/8b686195afe7e6dfb46c56c1ef2fe9c993d8e495

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4278

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4278

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1000086
reference_id	1000086
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1000086

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602
reference_id	720602
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720602

reference_url

https://github.com/advisories/GHSA-43cm-73px-5v4m

reference_id

GHSA-43cm-73px-5v4m

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-43cm-73px-5v4m

reference_url	https://usn.ubuntu.com/2000-1/
reference_id	USN-2000-1
reference_type
scores
url	https://usn.ubuntu.com/2000-1/

fixed_packages

url	pkg:deb/debian/nova@2013.1.3-1?distro=trixie
purl	pkg:deb/debian/nova@2013.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie

url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hd9e-1msb-uqa6

vulnerability	VCID-m5vc-4my3-87gk

vulnerability	VCID-zwuz-pgjz-rkb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie

aliases CVE-2013-4278, GHSA-43cm-73px-5v4m

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wvt-bvww-g7ck

url VCID-sj2k-uq1g-suby

vulnerability_id VCID-sj2k-uq1g-suby

summary

Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2013-4179 OpenStack: Nova XML entities DoS

references

reference_url

http://rhn.redhat.com/errata/RHSA-2013-1199.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2013-1199.html

reference_url

https://access.redhat.com/errata/RHSA-2013:1199

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2013:1199

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4179.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2013-4179

reference_id

reference_type

scores

value	0.00669
scoring_system	epss
scoring_elements	0.7133
published_at	2026-04-12T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71344
published_at	2026-04-21T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71365
published_at	2026-04-18T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71345
published_at	2026-04-11T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71313
published_at	2026-04-13T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71267
published_at	2026-04-07T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71275
published_at	2026-04-02T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71359
published_at	2026-04-16T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71292
published_at	2026-04-04T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71309
published_at	2026-04-08T12:55:00Z

value	0.00669
scoring_system	epss
scoring_elements	0.71322
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2013-4179

reference_url

https://bugs.launchpad.net/ossa/+bug/1190229

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugs.launchpad.net/ossa/+bug/1190229

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=989707

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=989707

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4179

reference_url

https://opendev.org/openstack/nova

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://opendev.org/openstack/nova

reference_url

http://www.ubuntu.com/usn/USN-2005-1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.ubuntu.com/usn/USN-2005-1

reference_url

https://access.redhat.com/security/cve/CVE-2013-4179

reference_id

CVE-2013-4179

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2013-4179

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2013-4179

reference_id

CVE-2013-4179

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2013-4179

reference_url

https://github.com/advisories/GHSA-j6xh-q826-55jw

reference_id

GHSA-j6xh-q826-55jw

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j6xh-q826-55jw

reference_url	https://usn.ubuntu.com/2000-1/
reference_id	USN-2000-1
reference_type
scores
url	https://usn.ubuntu.com/2000-1/

reference_url	https://usn.ubuntu.com/2005-1/
reference_id	USN-2005-1
reference_type
scores
url	https://usn.ubuntu.com/2005-1/

fixed_packages

url	pkg:deb/debian/nova@2013.1.3-1?distro=trixie
purl	pkg:deb/debian/nova@2013.1.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie

url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hd9e-1msb-uqa6

vulnerability	VCID-m5vc-4my3-87gk

vulnerability	VCID-zwuz-pgjz-rkb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie

aliases CVE-2013-4179, GHSA-j6xh-q826-55jw

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sj2k-uq1g-suby

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2013.1.3-1%3Fdistro=trixie

Package Instance