Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/nova@2:16.0.3-6?distro=trixie

Type deb

Namespace debian

Name nova

Version 2:16.0.3-6

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 2:17.0.0-1

Latest_non_vulnerable_version 2:33.0.0-4

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-cwub-w9dp-wfgy

vulnerability_id VCID-cwub-w9dp-wfgy

summary

OpenStack Nova DoS by rebuilding the same instance with a new image multiple times
An issue was discovered in the default FilterScheduler in OpenStack Nova 16.0.3. By repeatedly rebuilding an instance with new images, an authenticated user may consume untracked resources on a hypervisor host leading to a denial of service, aka doubled resource allocations. This regression was introduced with the fix for OSSA-2017-005 (CVE-2017-16239); however, only Nova stable/pike or later deployments with that fix applied and relying on the default FilterScheduler are affected.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17051.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-17051

reference_id

reference_type

scores

value	0.00841
scoring_system	epss
scoring_elements	0.7475
published_at	2026-04-21T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74759
published_at	2026-04-18T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74752
published_at	2026-04-16T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74715
published_at	2026-04-13T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74724
published_at	2026-04-12T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74745
published_at	2026-04-11T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74722
published_at	2026-04-09T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74707
published_at	2026-04-08T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74675
published_at	2026-04-07T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.747
published_at	2026-04-04T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74671
published_at	2026-04-01T12:55:00Z

value	0.00841
scoring_system	epss
scoring_elements	0.74674
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-17051

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17051

reference_url

https://github.com/openstack/nova

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova

reference_url

https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/25a1d78e83065c5bea5d8e0a017fd9d0914d41d9

reference_url

https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/openstack/nova/commit/fed660c1189fdf4159d97badfdc8c5b35ad14f23

reference_url

https://launchpad.net/bugs/1732976

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://launchpad.net/bugs/1732976

reference_url

https://review.openstack.org/521662

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/521662

reference_url

https://review.openstack.org/523214

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://review.openstack.org/523214

reference_url

https://security.openstack.org/ossa/OSSA-2017-006.html

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.openstack.org/ossa/OSSA-2017-006.html

reference_url

http://www.securityfocus.com/bid/102102

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/102102

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1519231
reference_id	1519231
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1519231

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621
reference_id	883621
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883621

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:::::::*
reference_id	cpe:2.3:a:openstack:nova:16.0.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:nova:16.0.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-17051

reference_id

CVE-2017-17051

reference_type

scores

value	4.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:S/C:N/I:N/A:P

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-17051

reference_url

https://github.com/advisories/GHSA-vq76-rxx3-4r4r

reference_id

GHSA-vq76-rxx3-4r4r

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vq76-rxx3-4r4r

fixed_packages

url	pkg:deb/debian/nova@2:16.0.3-6?distro=trixie
purl	pkg:deb/debian/nova@2:16.0.3-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-6%3Fdistro=trixie

url pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

purl pkg:deb/debian/nova@2:22.0.1-2%2Bdeb11u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-hd9e-1msb-uqa6

vulnerability	VCID-m5vc-4my3-87gk

vulnerability	VCID-zwuz-pgjz-rkb9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:22.0.1-2%252Bdeb11u1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
purl	pkg:deb/debian/nova@2:26.2.2-1~deb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:26.2.2-1~deb12u3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
purl	pkg:deb/debian/nova@2:31.0.0-6%2Bdeb13u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:31.0.0-6%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0~rc1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0~rc1-5%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-1%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-2%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-3%3Fdistro=trixie

url	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
purl	pkg:deb/debian/nova@2:33.0.0-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:33.0.0-4%3Fdistro=trixie

aliases CVE-2017-17051, GHSA-vq76-rxx3-4r4r

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cwub-w9dp-wfgy

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nova@2:16.0.3-6%3Fdistro=trixie

Package Instance