Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/76357?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "type": "pypi", "namespace": "", "name": "swift", "version": "2.15.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.28.1", "latest_non_vulnerable_version": "2.30.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16113?format=api", "vulnerability_id": "VCID-qsxb-qjb1-mqfd", "summary": "OpenStack Swift XML external entities (XXE) Injection\nAn issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthorized read access to potentially sensitive data. This impacts both s3api deployments (Rocky or later), and swift3 deployments (Queens and earlier, no longer actively developed).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47950.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-47950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46215", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46261", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46129", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46223", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46278", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46267", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46286", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46342", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46346", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.4628", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46308", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46284", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46283", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46227", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46281", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00234", "scoring_system": "epss", "scoring_elements": "0.46194", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-47950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47950" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://github.com/openstack/swift/commit/12e54391861e7d182d58f89fb88b027e65842640", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/12e54391861e7d182d58f89fb88b027e65842640" }, { "reference_url": "https://github.com/openstack/swift/commit/7d13d1a82e1f5d01205a13184907501b4fcbe2b0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/7d13d1a82e1f5d01205a13184907501b4fcbe2b0" }, { "reference_url": "https://github.com/openstack/swift/commit/8dd96470a859dc7b189404fb67bd3899ae9c617f", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/8dd96470a859dc7b189404fb67bd3899ae9c617f" }, { "reference_url": "https://github.com/openstack/swift/commit/b8467e190f6fc67fd8fb6a8c5e32b2aa6a10fd8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/b8467e190f6fc67fd8fb6a8c5e32b2aa6a10fd8e" }, { "reference_url": "https://github.com/openstack/swift/commit/baa98848451b5c234443a068691e12841a5a8383", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/baa98848451b5c234443a068691e12841a5a8383" }, { "reference_url": "https://github.com/openstack/swift/commit/c834e7a53d5a33a3fd13ffd954e6f4f4ee953dfc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/c834e7a53d5a33a3fd13ffd954e6f4f4ee953dfc" }, { "reference_url": "https://github.com/openstack/swift/commit/d8d04ef43c90079d436b2e49617b4425ba39c28e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/d8d04ef43c90079d436b2e49617b4425ba39c28e" }, { "reference_url": "https://github.com/openstack/swift/commit/f10672514217adadfc776d9ea2ffb20a37ce073b", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/f10672514217adadfc776d9ea2ffb20a37ce073b" }, { "reference_url": "https://launchpad.net/bugs/1998625", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://launchpad.net/bugs/1998625" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00021.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2023-001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://security.openstack.org/ossa/OSSA-2023-001.html" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5327", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T15:46:54Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5327" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029154", "reference_id": "1029154", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029154" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160618", "reference_id": "2160618", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2160618" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47950", "reference_id": "CVE-2022-47950", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-47950" }, { "reference_url": "https://github.com/advisories/GHSA-274c-rx2j-2v3x", "reference_id": "GHSA-274c-rx2j-2v3x", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-274c-rx2j-2v3x" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1013", "reference_id": "RHSA-2023:1013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1277", "reference_id": "RHSA-2023:1277", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1277" }, { "reference_url": "https://usn.ubuntu.com/5852-1/", "reference_id": "USN-5852-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5852-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55432?format=api", "purl": "pkg:pypi/swift@2.28.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.28.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/55433?format=api", "purl": "pkg:pypi/swift@2.29.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.29.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/55434?format=api", "purl": "pkg:pypi/swift@2.30.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.30.1" } ], "aliases": [ "CVE-2022-47950", "GHSA-274c-rx2j-2v3x" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qsxb-qjb1-mqfd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15939?format=api", "vulnerability_id": "VCID-1k44-tzfw-pkhw", "summary": "OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service\nA memory-leak issue was found in OpenStack Object Storage (swift), in the client-to-proxy connection. An OpenStack-authenticated attacker could remotely trigger this flaw to cause denial of service through excess memory consumption.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0127", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0128", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0328", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0329", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0329" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0737.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.9057", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.9047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90525", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90524", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90523", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90535", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90534", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90531", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90541", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90559", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0737" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1466549", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1466549" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298924", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0737" }, { "reference_url": "https://launchpad.net/swift/+milestone/2.4.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/swift/+milestone/2.4.0" }, { "reference_url": "https://opendev.org/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/swift" }, { "reference_url": "https://review.openstack.org/#/c/217750", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/217750" }, { "reference_url": "https://review.openstack.org/#/c/217750/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://review.openstack.org/#/c/217750/" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-004.html" }, { "reference_url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81432" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-0737", "reference_id": "CVE-2016-0737", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-0737" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0737", "reference_id": "CVE-2016-0737", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0737" }, { "reference_url": "https://github.com/advisories/GHSA-972c-cfv8-2hq8", "reference_id": "GHSA-972c-cfv8-2hq8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-972c-cfv8-2hq8" }, { "reference_url": "https://usn.ubuntu.com/3451-1/", "reference_id": "USN-3451-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3451-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54501?format=api", "purl": "pkg:pypi/swift@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4wxz-pgew-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2016-0737", "GHSA-972c-cfv8-2hq8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1k44-tzfw-pkhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44381?format=api", "vulnerability_id": "VCID-4k1g-3b3h-1fbz", "summary": "Temporary urls leaked via logging\nIn OpenStack Swift prior to 2.15.2, the proxy-server logs full tempurl paths, potentially leaking reusable tempurl signatures to anyone with read access to these logs. All Swift deployments using the tempurl middleware are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8761.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8761.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8761", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37366", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37483", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37392", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37276", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37345", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37673", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37855", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.3788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37758", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37809", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37821", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37836", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.378", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37822", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37803", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37743", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37505", "published_at": "2026-04-24T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8761" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1685798/comments/18", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1685798/comments/18" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8761", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8761" }, { "reference_url": "https://launchpad.net/bugs/1685798", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/bugs/1685798" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8761", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8761" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850156", "reference_id": "1850156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1850156" }, { "reference_url": "https://github.com/advisories/GHSA-8fxc-qm65-vpxg", "reference_id": "GHSA-8fxc-qm65-vpxg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8fxc-qm65-vpxg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2017-8761", "GHSA-8fxc-qm65-vpxg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4k1g-3b3h-1fbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55400?format=api", "vulnerability_id": "VCID-4wxz-pgew-5uc4", "summary": "OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service\nOpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0128.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0155.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0126", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0127", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0128", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0328", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:0329", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2016:0329" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0738.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0738.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2016-0738" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.9057", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90466", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.9047", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90482", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90499", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90506", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90507", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90525", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90524", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90523", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90535", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90534", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90531", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90541", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.05795", "scoring_system": "epss", "scoring_elements": "0.90559", "published_at": "2026-05-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0738" }, { "reference_url": "https://bugs.launchpad.net/cloud-archive/+bug/1493303", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/cloud-archive/+bug/1493303" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298905", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1298905" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0738" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://github.com/openstack/swift/blob/master/CHANGELOG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/blob/master/CHANGELOG" }, { "reference_url": "https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/pipermail/package-announce/2016-February/176713.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0738", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0738" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0128.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0128.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0155.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2016-004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2016-004.html" }, { "reference_url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200228001102/http://www.securityfocus.com/bid/81432" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securityfocus.com/bid/81432", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/81432" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812984", "reference_id": "812984", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812984" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-fxwr-2vxm-cg7p", "reference_id": "GHSA-fxwr-2vxm-cg7p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxwr-2vxm-cg7p" }, { "reference_url": "https://usn.ubuntu.com/3451-1/", "reference_id": "USN-3451-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3451-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/82501?format=api", "purl": "pkg:pypi/swift@2.3.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/82502?format=api", "purl": "pkg:pypi/swift@2.5.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.5.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2016-0738", "GHSA-fxwr-2vxm-cg7p" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4wxz-pgew-5uc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54866?format=api", "vulnerability_id": "VCID-9sad-598q-vygc", "summary": "several", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-1197.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-1197.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4155.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.7731", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77163", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.7719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.7717", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77165", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77207", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77197", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77232", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77239", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77254", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77258", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77288", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77103", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.7711", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77139", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01015", "scoring_system": "epss", "scoring_elements": "0.77154", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4155" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1196932", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1196932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4155" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://github.com/openstack/swift/commit/1f4ec235cdfd8c868f2d6458532f9dc32c00b8ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/1f4ec235cdfd8c868f2d6458532f9dc32c00b8ca" }, { "reference_url": "https://github.com/openstack/swift/commit/6b9806e0e8cbec60c0a3ece0bd516e0502827515", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/6b9806e0e8cbec60c0a3ece0bd516e0502827515" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4155" }, { "reference_url": "https://review.openstack.org/#/c/40643", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/40643" }, { "reference_url": "https://review.openstack.org/#/c/40645", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/40645" }, { "reference_url": "https://review.openstack.org/#/c/40646", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://review.openstack.org/#/c/40646" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2737", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2737" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/08/07/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/08/07/6" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2001-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2001-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719008", "reference_id": "719008", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719008" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=991626", "reference_id": "991626", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=991626" }, { "reference_url": "https://github.com/advisories/GHSA-wxx2-gqvv-34hx", "reference_id": "GHSA-wxx2-gqvv-34hx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wxx2-gqvv-34hx" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:1197", "reference_id": "RHSA-2013:1197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:1197" }, { "reference_url": "https://usn.ubuntu.com/2001-1/", "reference_id": "USN-2001-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2001-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83190?format=api", "purl": "pkg:pypi/swift@1.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@1.9.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2013-4155", "GHSA-wxx2-gqvv-34hx" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9sad-598q-vygc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15448?format=api", "vulnerability_id": "VCID-cczb-m9jq-wbb2", "summary": "OpenStack Swift Unauthorized delete of versioned Swift object\nOpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163113.html" }, { "reference_url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.openstack.org/pipermail/openstack-announce/2015-April/000349.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1681.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1684.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1845.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1846.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1856.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1856.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77501", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77383", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77362", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77359", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77399", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77398", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.7739", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77424", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77431", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77443", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77451", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77478", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77301", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77336", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77316", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77347", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01033", "scoring_system": "epss", "scoring_elements": "0.77356", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1856" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1430645", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1430645" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1856", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1856" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=5bb7c286ebb4a54e4d2bd5a02845644d1c651183", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=5bb7c286ebb4a54e4d2bd5a02845644d1c651183" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=85afe9316570855c87ea731d0627f6f8f2b73264", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=85afe9316570855c87ea731d0627f6f8f2b73264" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=dd9d97458ea007024220a78dba8dd663e8b425d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=dd9d97458ea007024220a78dba8dd663e8b425d7" }, { "reference_url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=f6525758ab2456d688430699338993439597a789", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://git.openstack.org/cgit/openstack/swift/commit/?id=f6525758ab2456d688430699338993439597a789" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" }, { "reference_url": "http://www.securityfocus.com/bid/74182", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/74182" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2704-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2704-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209994", "reference_id": "1209994", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209994" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783163", "reference_id": "783163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783163" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1856", "reference_id": "CVE-2015-1856", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1856" }, { "reference_url": "https://github.com/advisories/GHSA-cc77-5vw4-7pwg", "reference_id": "GHSA-cc77-5vw4-7pwg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cc77-5vw4-7pwg" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1681", "reference_id": "RHSA-2015:1681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1681" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1684", "reference_id": "RHSA-2015:1684", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1684" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1845", "reference_id": "RHSA-2015:1845", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1846", "reference_id": "RHSA-2015:1846", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1846" }, { "reference_url": "https://usn.ubuntu.com/2704-1/", "reference_id": "USN-2704-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2704-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54478?format=api", "purl": "pkg:pypi/swift@2.3.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2015-1856", "GHSA-cc77-5vw4-7pwg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cczb-m9jq-wbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15531?format=api", "vulnerability_id": "VCID-njnr-ngu6-7qdv", "summary": "OpenStack Swift Unchecked user input in XML responses\nXML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.", "references": [ { "reference_url": "http://github.com/openstack/swift/commit/4eed6bf5b5028409f730be97ddcfb6bfa893c976", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/swift/commit/4eed6bf5b5028409f730be97ddcfb6bfa893c976" }, { "reference_url": "http://github.com/openstack/swift/commit/92d7eadd328797d392758c79e258c8455874c80e", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://github.com/openstack/swift/commit/92d7eadd328797d392758c79e258c8455874c80e" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0993.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0993.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2161.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55916", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55965", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55968", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55942", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55868", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55887", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55863", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.5581", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55857", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55791", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55904", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55955", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55957", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55966", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55946", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00329", "scoring_system": "epss", "scoring_elements": "0.55928", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2161" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1183884", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1183884" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4155" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://github.com/openstack/swift/commit/6659382c4fa348e1ebbce2424968dd7267ea1db1", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/6659382c4fa348e1ebbce2424968dd7267ea1db1" }, { "reference_url": "https://github.com/openstack/swift/commit/8f9b135e0a16478a628f20224ce5babe62d4aaba", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/8f9b135e0a16478a628f20224ce5babe62d4aaba" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2737", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2737" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/06/13/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/06/13/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712202", "reference_id": "712202", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712202" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=972988", "reference_id": "972988", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=972988" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2161", "reference_id": "CVE-2013-2161", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2161" }, { "reference_url": "https://github.com/advisories/GHSA-9xgv-6v35-mmcj", "reference_id": "GHSA-9xgv-6v35-mmcj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xgv-6v35-mmcj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0993", "reference_id": "RHSA-2013:0993", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0993" }, { "reference_url": "https://usn.ubuntu.com/1887-1/", "reference_id": "USN-1887-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1887-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54643?format=api", "purl": "pkg:pypi/swift@1.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4djj-fd3y-jqch" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@1.9.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2013-2161", "GHSA-9xgv-6v35-mmcj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-njnr-ngu6-7qdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57603?format=api", "vulnerability_id": "VCID-wf91-36ce-hbcz", "summary": "OpenStack Object Storage (swift) Code Injection vulnerability\nOpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, which allows remote attackers to execute arbitrary code via a crafted pickle object.", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089472.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1379.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0691.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2012:1379", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2012:1379" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0691", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2013:0691" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4406.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4406.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2012-4406", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2012-4406" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4406", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89368", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89364", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89333", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89446", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89433", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89415", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89406", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89404", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89399", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89382", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89385", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.8937", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89373", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89376", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89345", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89328", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0471", "scoring_system": "epss", "scoring_elements": "0.89347", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4406" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1006414", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1006414" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=854757" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4406" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79140" }, { "reference_url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/e1ff51c04554d51616d2845f92ab726cb0e5831a" }, { "reference_url": "https://launchpad.net/swift/+milestone/1.7.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://launchpad.net/swift/+milestone/1.7.0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4406", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4406" }, { "reference_url": "https://opendev.org/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://opendev.org/openstack/swift" }, { "reference_url": "https://web.archive.org/web/20130629092623/http://www.securityfocus.com/bid/55420", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20130629092623/http://www.securityfocus.com/bid/55420" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/09/05/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/09/05/16" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/09/05/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/09/05/4" }, { "reference_url": "http://www.securityfocus.com/bid/55420", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/55420" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686812", "reference_id": "686812", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686812" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage_management_console:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-v7mh-3jgf-r26c", "reference_id": "GHSA-v7mh-3jgf-r26c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v7mh-3jgf-r26c" }, { "reference_url": "https://usn.ubuntu.com/1887-1/", "reference_id": "USN-1887-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1887-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/83883?format=api", "purl": "pkg:pypi/swift@1.7.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@1.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2012-4406", "GHSA-v7mh-3jgf-r26c" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wf91-36ce-hbcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15999?format=api", "vulnerability_id": "VCID-y2t3-3pyp-tbd2", "summary": "OpenStack Swift metadata constraints are not correctly enforced\nOpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0835.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0836.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1495.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7960.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7960.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7960", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52993", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53021", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53037", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52995", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52944", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.5297", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53015", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53033", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53025", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53059", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53077", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53069", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52954", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53032", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53049", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.52978", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53064", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.53003", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-7960" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1365350", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1365350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7960" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96901" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://github.com/openstack/swift/commit/06800cbe446ce4c937a57b69517b55c3bba9b6e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/06800cbe446ce4c937a57b69517b55c3bba9b6e1" }, { "reference_url": "https://github.com/openstack/swift/commit/2c4622a28ea04e1c6b2382189b0a1f6cccdc9c0f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/2c4622a28ea04e1c6b2382189b0a1f6cccdc9c0f" }, { "reference_url": "https://github.com/openstack/swift/commit/5b2c27a5874c2b5b0a333e4955b03544f6a8119f", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift/commit/5b2c27a5874c2b5b0a333e4955b03544f6a8119f" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/10/07/39", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/10/07/39" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/10/08/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/10/08/7" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html" }, { "reference_url": "http://www.securityfocus.com/bid/70279", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/70279" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2704-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-2704-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150461", "reference_id": "1150461", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1150461" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7960", "reference_id": "CVE-2014-7960", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:N/I:P/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-7960" }, { "reference_url": "https://github.com/advisories/GHSA-g6x3-55qv-x6p2", "reference_id": "GHSA-g6x3-55qv-x6p2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g6x3-55qv-x6p2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0835", "reference_id": "RHSA-2015:0835", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0835" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0836", "reference_id": "RHSA-2015:0836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1495", "reference_id": "RHSA-2015:1495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1495" }, { "reference_url": "https://usn.ubuntu.com/2704-1/", "reference_id": "USN-2704-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2704-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55318?format=api", "purl": "pkg:pypi/swift@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2014-7960", "GHSA-g6x3-55qv-x6p2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2t3-3pyp-tbd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15465?format=api", "vulnerability_id": "VCID-yhkc-dkqq-x7fg", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nOpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00025.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-1895.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-1895.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-0329.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5223.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5223.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5223", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.7859", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78484", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78465", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78457", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78485", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.7848", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78513", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.7852", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78535", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.7855", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78574", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78407", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78413", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78444", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78427", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78454", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01146", "scoring_system": "epss", "scoring_elements": "0.78458", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5223" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1449212", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1449212" }, { "reference_url": "https://bugs.launchpad.net/swift/+bug/1453948", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.launchpad.net/swift/+bug/1453948" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5223" }, { "reference_url": "https://github.com/openstack/swift", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/openstack/swift" }, { "reference_url": "https://security.openstack.org/ossa/OSSA-2015-016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.openstack.org/ossa/OSSA-2015-016.html" }, { "reference_url": "https://web.archive.org/web/20200804233308/http://www.securityfocus.com/bid/84827", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200804233308/http://www.securityfocus.com/bid/84827" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/08/26/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2015/08/26/5" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "reference_url": "http://www.securityfocus.com/bid/84827", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/84827" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255622", "reference_id": "1255622", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255622" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797032", "reference_id": "797032", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797032" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5223", "reference_id": "CVE-2015-5223", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5223" }, { "reference_url": "https://github.com/advisories/GHSA-q45h-chc8-hvp6", "reference_id": "GHSA-q45h-chc8-hvp6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q45h-chc8-hvp6" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1895", "reference_id": "RHSA-2015:1895", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1895" }, { "reference_url": "https://usn.ubuntu.com/3451-1/", "reference_id": "USN-3451-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3451-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54501?format=api", "purl": "pkg:pypi/swift@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4wxz-pgew-5uc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/76357?format=api", "purl": "pkg:pypi/swift@2.15.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qsxb-qjb1-mqfd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" } ], "aliases": [ "CVE-2015-5223", "GHSA-q45h-chc8-hvp6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yhkc-dkqq-x7fg" } ], "risk_score": "3.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/swift@2.15.2" }