Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/neutron@18.0.0

Type pypi

Namespace

Name neutron

Version 18.0.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 18.1.1

Latest_non_vulnerable_version 2015.1.1

Affected_by_vulnerabilities

url VCID-1444-3h31-3kdv

vulnerability_id VCID-1444-3h31-3kdv

summary OpenStack Neutron before 16.4.1, 17.x before 17.1.3, and 18.0.0 allows hardware address impersonation when the linuxbridge driver with ebtables-nft is used on a Netfilter-based platform. By sending carefully crafted packets, anyone in control of a server instance connected to the virtual switch can impersonate the hardware addresses of other systems on the network, resulting in denial of service or in some cases possibly interception of traffic intended for other destinations.

references

reference_url	https://launchpad.net/bugs/1938670
reference_id
reference_type
scores
url	https://launchpad.net/bugs/1938670

fixed_packages

url pkg:pypi/neutron@18.1.0

purl pkg:pypi/neutron@18.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-69mn-brsx-xydy

vulnerability	VCID-p6g8-396q-t7ck

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.0

aliases CVE-2021-38598, PYSEC-2021-360

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1444-3h31-3kdv

url VCID-69mn-brsx-xydy

vulnerability_id VCID-69mn-brsx-xydy

summary An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

references

reference_url	https://launchpad.net/bugs/1942179
reference_id
reference_type
scores
url	https://launchpad.net/bugs/1942179

reference_url	https://security.openstack.org/ossa/OSSA-2021-006.html
reference_id
reference_type
scores
url	https://security.openstack.org/ossa/OSSA-2021-006.html

reference_url	http://www.openwall.com/lists/oss-security/2021/09/09/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/09/09/2

fixed_packages

url	pkg:pypi/neutron@18.1.1
purl	pkg:pypi/neutron@18.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.1

aliases CVE-2021-40797, PYSEC-2021-329

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-69mn-brsx-xydy

url VCID-p6g8-396q-t7ck

vulnerability_id VCID-p6g8-396q-t7ck

summary An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.

references

reference_url	https://launchpad.net/bugs/1939733
reference_id
reference_type
scores
url	https://launchpad.net/bugs/1939733

reference_url	https://security.openstack.org/ossa/OSSA-2021-005.html
reference_id
reference_type
scores
url	https://security.openstack.org/ossa/OSSA-2021-005.html

reference_url	http://www.openwall.com/lists/oss-security/2021/08/31/2
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2021/08/31/2

fixed_packages

url	pkg:pypi/neutron@18.1.1
purl	pkg:pypi/neutron@18.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.1.1

aliases CVE-2021-40085, PYSEC-2021-361

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p6g8-396q-t7ck

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/neutron@18.0.0

Package Instance