Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1052220?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1052220?format=api", "purl": "pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%2B1", "type": "deb", "namespace": "debian", "name": "swift", "version": "2.10.2-1~deb9u1~bpo8+1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.26.0-10+deb11u1", "latest_non_vulnerable_version": "2.26.0-10+deb11u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44381?format=api", "vulnerability_id": "VCID-4k1g-3b3h-1fbz", "summary": "Temporary urls leaked via logging\nIn OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37392", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37803", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37743", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37505", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37483", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37673", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37855", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.3788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37758", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37809", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.378", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37822", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8761" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1685798/comments/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1685798/comments/18" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8761" }, { "reference_url": "https://launchpad.net/bugs/1685798", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1685798" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8761", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850156", "reference_id": "1850156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850156" }, { "reference_url": "https://github.com/advisories/GHSA-8fxc-qm65-vpxg", "reference_id": "GHSA-8fxc-qm65-vpxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fxc-qm65-vpxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052289?format=api", "purl": "pkg:deb/debian/swift@2.19.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/swift@2.19.1-1" } ], "aliases": [ "CVE-2017-8761", "GHSA-8fxc-qm65-vpxg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4k1g-3b3h-1fbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16113?format=api", "vulnerability_id": "VCID-qsxb-qjb1-mqfd", "summary": "OpenStack Swift XML external entities (XXE) Injection\nAn issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47950.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46223", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46278", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46267", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46286", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46342", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46346", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46308", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46284", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46283", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46227", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.4628", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47950" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://github.com/openstack/swift/commit/12e54391861e7d182d58f89fb88b027e65842640", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/12e54391861e7d182d58f89fb88b027e65842640" }, { "reference_url": "https://github.com/openstack/swift/commit/7d13d1a82e1f5d01205a13184907501b4fcbe2b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/7d13d1a82e1f5d01205a13184907501b4fcbe2b0" }, { "reference_url": "https://github.com/openstack/swift/commit/8dd96470a859dc7b189404fb67bd3899ae9c617f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/8dd96470a859dc7b189404fb67bd3899ae9c617f" }, { "reference_url": "https://github.com/openstack/swift/commit/b8467e190f6fc67fd8fb6a8c5e32b2aa6a10fd8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/b8467e190f6fc67fd8fb6a8c5e32b2aa6a10fd8e" }, { "reference_url": "https://github.com/openstack/swift/commit/baa98848451b5c234443a068691e12841a5a8383", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/baa98848451b5c234443a068691e12841a5a8383" }, { "reference_url": "https://github.com/openstack/swift/commit/c834e7a53d5a33a3fd13ffd954e6f4f4ee953dfc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/c834e7a53d5a33a3fd13ffd954e6f4f4ee953dfc" }, { "reference_url": "https://github.com/openstack/swift/commit/d8d04ef43c90079d436b2e49617b4425ba39c28e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/d8d04ef43c90079d436b2e49617b4425ba39c28e" }, { "reference_url": "https://github.com/openstack/swift/commit/f10672514217adadfc776d9ea2ffb20a37ce073b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/f10672514217adadfc776d9ea2ffb20a37ce073b" }, { "reference_url": "https://launchpad.net/bugs/1998625", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://launchpad.net/bugs/1998625" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-001.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5327", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5327" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029154", "reference_id": "1029154", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029154" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160618", "reference_id": "2160618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160618" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47950", "reference_id": "CVE-2022-47950", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47950" }, { "reference_url": "https://github.com/advisories/GHSA-274c-rx2j-2v3x", "reference_id": "GHSA-274c-rx2j-2v3x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-274c-rx2j-2v3x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1013", "reference_id": "RHSA-2023:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1277", "reference_id": "RHSA-2023:1277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1277" }, { "reference_url": "https://usn.ubuntu.com/5852-1/", "reference_id": "USN-5852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5852-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052290?format=api", "purl": "pkg:deb/debian/swift@2.26.0-10%2Bdeb11u1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/swift@2.26.0-10%252Bdeb11u1" } ], "aliases": [ "CVE-2022-47950", "GHSA-274c-rx2j-2v3x" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsxb-qjb1-mqfd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15939?format=api", "vulnerability_id": "VCID-1k44-tzfw-pkhw", "summary": "OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service\nA memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0127", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0128", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0328", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0329", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0329" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0737.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90531", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.9047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90525", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90524", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90523", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90535", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90534", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0737" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1466549", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1466549" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298924", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0737" }, { "reference_url": "https://launchpad.net/swift/+milestone/2.4.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/swift/+milestone/2.4.0" }, { "reference_url": "https://opendev.org/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/swift" }, { "reference_url": "https://review.openstack.org/#/c/217750", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/217750" }, { "reference_url": "https://review.openstack.org/#/c/217750/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/217750/" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-004.html" }, { "reference_url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81432" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-0737", "reference_id": "CVE-2016-0737", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-0737" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0737", "reference_id": "CVE-2016-0737", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0737" }, { "reference_url": "https://github.com/advisories/GHSA-972c-cfv8-2hq8", "reference_id": "GHSA-972c-cfv8-2hq8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-972c-cfv8-2hq8" }, { "reference_url": "https://usn.ubuntu.com/3451-1/", "reference_id": "USN-3451-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3451-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052220?format=api", "purl": "pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4k1g-3b3h-1fbz" }, { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%252B1" } ], "aliases": [ "CVE-2016-0737", "GHSA-972c-cfv8-2hq8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1k44-tzfw-pkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55400?format=api", "vulnerability_id": "VCID-4wxz-pgew-5uc4", "summary": "OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service\nOpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0127", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0128", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0328", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0329", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0329" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0738.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0738.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-0738" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90531", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.9047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90525", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90524", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90523", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90535", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90534", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0738" }, { "reference_url": "https://bugs.launchpad.net/cloud-archive/+bug/1493303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/cloud-archive/+bug/1493303" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0738" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://github.com/openstack/swift/blob/master/CHANGELOG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/blob/master/CHANGELOG" }, { "reference_url": "https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0738" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0128.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0128.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0155.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-004.html" }, { "reference_url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81432" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812984", "reference_id": "812984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812984" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-fxwr-2vxm-cg7p", "reference_id": "GHSA-fxwr-2vxm-cg7p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxwr-2vxm-cg7p" }, { "reference_url": "https://usn.ubuntu.com/3451-1/", "reference_id": "USN-3451-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3451-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052220?format=api", "purl": "pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4k1g-3b3h-1fbz" }, { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%252B1" } ], "aliases": [ "CVE-2016-0738", "GHSA-fxwr-2vxm-cg7p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wxz-pgew-5uc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15448?format=api", "vulnerability_id": "VCID-cczb-m9jq-wbb2", "summary": "OpenStack Swift Unauthorized delete of versioned Swift object\nOpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1856.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1856.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77359", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77356", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77443", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77431", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77424", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.7739", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77398", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77399", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77347", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77383", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77362", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77301", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77336", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77316", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1856" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1430645", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1430645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1856" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=5bb7c286ebb4a54e4d2bd5a02845644d1c651183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=5bb7c286ebb4a54e4d2bd5a02845644d1c651183" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=85afe9316570855c87ea731d0627f6f8f2b73264", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=85afe9316570855c87ea731d0627f6f8f2b73264" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=dd9d97458ea007024220a78dba8dd663e8b425d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=dd9d97458ea007024220a78dba8dd663e8b425d7" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=f6525758ab2456d688430699338993439597a789", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=f6525758ab2456d688430699338993439597a789" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "http://www.securityfocus.com/bid/74182", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/74182" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2704-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2704-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209994", "reference_id": "1209994", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209994" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783163", "reference_id": "783163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783163" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1856", "reference_id": "CVE-2015-1856", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1856" }, { "reference_url": "https://github.com/advisories/GHSA-cc77-5vw4-7pwg", "reference_id": "GHSA-cc77-5vw4-7pwg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cc77-5vw4-7pwg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1681", "reference_id": "RHSA-2015:1681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1684", "reference_id": "RHSA-2015:1684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1845", "reference_id": "RHSA-2015:1845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1846", "reference_id": "RHSA-2015:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1846" }, { "reference_url": "https://usn.ubuntu.com/2704-1/", "reference_id": "USN-2704-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2704-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052220?format=api", "purl": "pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4k1g-3b3h-1fbz" }, { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%252B1" } ], "aliases": [ "CVE-2015-1856", "GHSA-cc77-5vw4-7pwg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cczb-m9jq-wbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15465?format=api", "vulnerability_id": "VCID-yhkc-dkqq-x7fg", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nOpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1895.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1895.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5223.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5223.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78535", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78427", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78454", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78458", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78457", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78485", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.7848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78513", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.7852", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78407", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78444", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5223" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1449212", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1449212" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1453948", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1453948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5223" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-016.html" }, { "reference_url": "https://web.archive.org/web/20200804233308/http://www.securityfocus.com/bid/84827", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200804233308/http://www.securityfocus.com/bid/84827" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/08/26/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/08/26/5" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securityfocus.com/bid/84827", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/84827" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255622", "reference_id": "1255622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255622" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797032", "reference_id": "797032", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797032" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5223", "reference_id": "CVE-2015-5223", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5223" }, { "reference_url": "https://github.com/advisories/GHSA-q45h-chc8-hvp6", "reference_id": "GHSA-q45h-chc8-hvp6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q45h-chc8-hvp6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1895", "reference_id": "RHSA-2015:1895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1895" }, { "reference_url": "https://usn.ubuntu.com/3451-1/", "reference_id": "USN-3451-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3451-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1052220?format=api", "purl": "pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4k1g-3b3h-1fbz" }, { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%252B1" } ], "aliases": [ "CVE-2015-5223", "GHSA-q45h-chc8-hvp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhkc-dkqq-x7fg" } ], "risk_score": "3.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/swift@2.10.2-1~deb9u1~bpo8%252B1" }