VulnerableCode Package Details - pkg:deb/debian/swift@2.19.1-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-qsxb-qjb1-mqfd Aliases: CVE-2022-47950 GHSA-274c-rx2j-2v3x	OpenStack Swift XML external entities (XXE) Injection An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).	2.26.0-10+deb11u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-qsxb-qjb1-mqfd
Aliases:
CVE-2022-47950
GHSA-274c-rx2j-2v3x

OpenStack Swift XML external entities (XXE) Injection An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).

2.26.0-10+deb11u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4k1g-3b3h-1fbz	Temporary urls leaked via logging In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.	CVE-2017-8761 GHSA-8fxc-qm65-vpxg

Vulnerability

Summary

Aliases

VCID-4k1g-3b3h-1fbz

Temporary urls leaked via logging In OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.

CVE-2017-8761
GHSA-8fxc-qm65-vpxg

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T17:55:24.868989+00:00	Debian Oval Importer	Fixing	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T16:54:19.792630+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T17:41:20.157771+00:00	Debian Oval Importer	Fixing	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T16:41:01.865088+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T17:28:38.647496+00:00	Debian Oval Importer	Fixing	VCID-4k1g-3b3h-1fbz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T16:31:34.503960+00:00	Debian Oval Importer	Affected by	VCID-qsxb-qjb1-mqfd	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0