VulnerableCode Package Details - pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%2B1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4k1g-3b3h-1fbz Aliases: CVE-2017-8761 GHSA-8fxc-qm65-vpxg	Temporary urls leaked via logging In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.	2.19.1-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-qsxb-qjb1-mqfd Aliases: CVE-2022-47950 GHSA-274c-rx2j-2v3x	OpenStack Swift XML external entities (XXE) Injection An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).	2.26.0-10+deb11u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4k1g-3b3h-1fbz
Aliases:
CVE-2017-8761
GHSA-8fxc-qm65-vpxg

Temporary urls leaked via logging In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

2.19.1-1
Affected by 1 other vulnerability.

VCID-qsxb-qjb1-mqfd
Aliases:
CVE-2022-47950
GHSA-274c-rx2j-2v3x

OpenStack Swift XML external entities (XXE) Injection An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

2.26.0-10+deb11u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1k44-tzfw-pkhw	OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.	CVE-2016-0737 GHSA-972c-cfv8-2hq8
VCID-4wxz-pgew-5uc4	OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.	CVE-2016-0738 GHSA-fxwr-2vxm-cg7p
VCID-cczb-m9jq-wbb2	OpenStack Swift Unauthorized delete of versioned Swift object OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.	CVE-2015-1856 GHSA-cc77-5vw4-7pwg
VCID-yhkc-dkqq-x7fg	Exposure of Sensitive Information to an Unauthorized Actor OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.	CVE-2015-5223 GHSA-q45h-chc8-hvp6

Vulnerability

Summary

Aliases

VCID-1k44-tzfw-pkhw

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service A memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.

CVE-2016-0737
GHSA-972c-cfv8-2hq8

VCID-4wxz-pgew-5uc4

OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.

CVE-2016-0738
GHSA-fxwr-2vxm-cg7p

VCID-cczb-m9jq-wbb2

OpenStack Swift Unauthorized delete of versioned Swift object OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.

CVE-2015-1856
GHSA-cc77-5vw4-7pwg

VCID-yhkc-dkqq-x7fg

Exposure of Sensitive Information to an Unauthorized Actor OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.

CVE-2015-5223
GHSA-q45h-chc8-hvp6

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:26:33.354522+00:00	Debian Oval Importer	Fixing	VCID-4wxz-pgew-5uc4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:19:33.213002+00:00	Debian Oval Importer	Fixing	VCID-yhkc-dkqq-x7fg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:50:12.365558+00:00	Debian Oval Importer	Fixing	VCID-cczb-m9jq-wbb2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T17:55:24.861921+00:00	Debian Oval Importer	Affected by	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:54:19.786309+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:50:48.553930+00:00	Debian Oval Importer	Fixing	VCID-1k44-tzfw-pkhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T23:59:55.415241+00:00	Debian Oval Importer	Fixing	VCID-4wxz-pgew-5uc4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T21:57:01.702355+00:00	Debian Oval Importer	Fixing	VCID-yhkc-dkqq-x7fg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:30:51.181612+00:00	Debian Oval Importer	Fixing	VCID-cczb-m9jq-wbb2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T17:41:20.149692+00:00	Debian Oval Importer	Affected by	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:41:01.852800+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:37:34.833026+00:00	Debian Oval Importer	Fixing	VCID-1k44-tzfw-pkhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:31:29.554904+00:00	Debian Oval Importer	Fixing	VCID-4wxz-pgew-5uc4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:34:17.123366+00:00	Debian Oval Importer	Fixing	VCID-yhkc-dkqq-x7fg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T20:11:08.709234+00:00	Debian Oval Importer	Fixing	VCID-cczb-m9jq-wbb2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T17:28:38.634353+00:00	Debian Oval Importer	Affected by	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:31:34.493202+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:28:18.348486+00:00	Debian Oval Importer	Fixing	VCID-1k44-tzfw-pkhw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0