{"url":"http://public2.vulnerablecode.io/api/packages/64240?format=json","purl":"pkg:pypi/glance@25.1.0","type":"pypi","namespace":"","name":"glance","version":"25.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.0.0a0","latest_non_vulnerable_version":"2015.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36395?format=json","vulnerability_id":"VCID-f3dt-ffh1-vyev","summary":"A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.","references":[{"reference_url":"https://bugs.launchpad.net/glance/+bug/1990157","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://bugs.launchpad.net/glance/+bug/1990157"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2147462","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2147462"},{"reference_url":"https://github.com/openstack/glance","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openstack/glance"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2023-270.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/glance/PYSEC-2023-270.yaml"},{"reference_url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0090","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://wiki.openstack.org/wiki/OSSN/OSSN-0090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0757","reference_id":"CVE-2016-0757","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0757"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4134","reference_id":"CVE-2022-4134","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4134"},{"reference_url":"https://github.com/advisories/GHSA-5gp5-vxj6-4257","reference_id":"GHSA-5gp5-vxj6-4257","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5gp5-vxj6-4257"}],"fixed_packages":[],"aliases":["CVE-2022-4134","GHSA-5gp5-vxj6-4257","PYSEC-2023-270"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3dt-ffh1-vyev"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/glance@25.1.0"}