VulnerableCode Package Details - pkg:pypi/glance@2015.1.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-9sg5-tbvn-syba Aliases: CVE-2015-5286 GHSA-gvjg-r9fv-7qx9	OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.	2015.1.2 Affected by 0 other vulnerabilities.
VCID-hbpu-kpak-2uer Aliases: CVE-2015-5163 GHSA-q73f-vjc2-3gqf PYSEC-2015-39	The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.	2015.1.2 Affected by 0 other vulnerabilities.
VCID-k2u9-5g8v-bucz Aliases: CVE-2015-5251 GHSA-q748-mcwg-xmqv	OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.	2015.1.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-9sg5-tbvn-syba
Aliases:
CVE-2015-5286
GHSA-gvjg-r9fv-7qx9

OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.

2015.1.2
Affected by 0 other vulnerabilities.

VCID-hbpu-kpak-2uer
Aliases:
CVE-2015-5163
GHSA-q73f-vjc2-3gqf
PYSEC-2015-39

The import task action in OpenStack Image Service (Glance) 2015.1.x before 2015.1.2 (kilo), when using the V2 API, allows remote authenticated users to read arbitrary files via a crafted backing file for a qcow2 image.

2015.1.2
Affected by 0 other vulnerabilities.

VCID-k2u9-5g8v-bucz
Aliases:
CVE-2015-5251
GHSA-q748-mcwg-xmqv

OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allow remote authenticated users to change the status of their images and bypass access restrictions via the HTTP x-image-meta-status header to images/*.

2015.1.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:38.260229+00:00	GHSA Importer	Affected by	VCID-k2u9-5g8v-bucz	https://github.com/advisories/GHSA-q748-mcwg-xmqv	38.1.0
2026-04-04T14:31:32.009635+00:00	GHSA Importer	Affected by	VCID-9sg5-tbvn-syba	https://github.com/advisories/GHSA-gvjg-r9fv-7qx9	38.1.0
2026-04-04T14:31:31.947818+00:00	GHSA Importer	Affected by	VCID-hbpu-kpak-2uer	https://github.com/advisories/GHSA-q73f-vjc2-3gqf	38.1.0
2026-04-03T21:26:03.865225+00:00	GitLab Importer	Affected by	VCID-hbpu-kpak-2uer	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/glance/CVE-2015-5163.yml	38.1.0
2026-04-03T21:25:59.309548+00:00	GitLab Importer	Affected by	VCID-9sg5-tbvn-syba	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/glance/CVE-2015-5286.yml	38.1.0
2026-04-03T21:25:54.935304+00:00	GitLab Importer	Affected by	VCID-k2u9-5g8v-bucz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/glance/CVE-2015-5251.yml	38.1.0