{"url":"http://public2.vulnerablecode.io/api/packages/13091?format=json","purl":"pkg:pypi/neutron@10.0.8","type":"pypi","namespace":"","name":"neutron","version":"10.0.8","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"16.4.1","latest_non_vulnerable_version":"2015.1.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35330?format=json","vulnerability_id":"VCID-t5sb-ghkg-zbb6","summary":"An issue was discovered in the iptables firewall module in OpenStack Neutron before 10.0.8, 11.x before 11.0.7, 12.x before 12.0.6, and 13.x before 13.0.3. By setting a destination port in a security group rule along with a protocol that doesn't support that option (for example, VRRP), an authenticated user may block further application of security group rules for instances from any project/tenant on the compute hosts to which it's applied. (Only deployments using the iptables security group driver are affected.)","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0879","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0879"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0916","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0935","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0935"},{"reference_url":"https://github.com/openstack/neutron","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/neutron"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-190.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2019-190.yaml"},{"reference_url":"https://launchpad.net/bugs/1818385","reference_id":"","reference_type":"","scores":[],"url":"https://launchpad.net/bugs/1818385"},{"reference_url":"https://seclists.org/bugtraq/2019/Mar/24","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Mar/24"},{"reference_url":"https://security.openstack.org/ossa/OSSA-2019-001.html","reference_id":"","reference_type":"","scores":[],"url":"https://security.openstack.org/ossa/OSSA-2019-001.html"},{"reference_url":"https://usn.ubuntu.com/4036-1","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4036-1"},{"reference_url":"https://usn.ubuntu.com/4036-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4036-1/"},{"reference_url":"https://web.archive.org/web/20201208185619/http://www.securityfocus.com/bid/107390","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20201208185619/http://www.securityfocus.com/bid/107390"},{"reference_url":"https://www.debian.org/security/2019/dsa-4409","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4409"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/03/18/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2019/03/18/2"},{"reference_url":"http://www.securityfocus.com/bid/107390","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107390"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9735","reference_id":"CVE-2019-9735","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9735"},{"reference_url":"https://github.com/advisories/GHSA-9773-3fqg-8w25","reference_id":"GHSA-9773-3fqg-8w25","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9773-3fqg-8w25"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/13091?format=json","purl":"pkg:pypi/neutron@10.0.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@10.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/13090?format=json","purl":"pkg:pypi/neutron@11.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@11.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/13088?format=json","purl":"pkg:pypi/neutron@12.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@12.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/13089?format=json","purl":"pkg:pypi/neutron@13.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1444-3h31-3kdv"},{"vulnerability":"VCID-69mn-brsx-xydy"},{"vulnerability":"VCID-p6g8-396q-t7ck"},{"vulnerability":"VCID-wa91-gzx6-h7gu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@13.0.3"}],"aliases":["CVE-2019-9735","GHSA-9773-3fqg-8w25","PYSEC-2019-190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t5sb-ghkg-zbb6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@10.0.8"}