Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-mafw-5w16-3qcx
SummaryAn issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to a log file as part of a GET URI. This allows attackers to bypass authentication by inserting a token into an X-Auth-Token header of a new request. NOTE: github.com/openstack/swauth URLs do not mean that Swauth is maintained by an official OpenStack project team.
Aliases
0
alias CVE-2017-16613
1
alias PYSEC-2017-84
Fixed_packages
0
url pkg:pypi/swauth@1.3.0
purl pkg:pypi/swauth@1.3.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/swauth@1.3.0
Affected_packages
0
url pkg:pypi/swauth@1.0.8
purl pkg:pypi/swauth@1.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mafw-5w16-3qcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/swauth@1.0.8
1
url pkg:pypi/swauth@1.1.0
purl pkg:pypi/swauth@1.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mafw-5w16-3qcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/swauth@1.1.0
2
url pkg:pypi/swauth@1.2.0
purl pkg:pypi/swauth@1.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mafw-5w16-3qcx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/swauth@1.2.0
References
0
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
reference_id
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882314
1
reference_url https://bugs.launchpad.net/swift/+bug/1655781
reference_id
reference_type
scores
url https://bugs.launchpad.net/swift/+bug/1655781
2
reference_url https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298
reference_id
reference_type
scores
url https://github.com/openstack/swauth/commit/70af7986265a3defea054c46efc82d0698917298
3
reference_url https://www.debian.org/security/2017/dsa-4044
reference_id
reference_type
scores
url https://www.debian.org/security/2017/dsa-4044
4
reference_url http://www.securityfocus.com/bid/101926
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/101926
Weaknesses
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-mafw-5w16-3qcx