Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jcHgzLTY5NnAtM2N3Oc4AApzZ

OpenStack Neutron Denial of Service vulnerability

An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Permalink: https://github.com/advisories/GHSA-cpx3-696p-3cw9
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcHgzLTY5NnAtM2N3Oc4AApzZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 18 days ago


CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-cpx3-696p-3cw9, CVE-2021-40797
References: Repository: https://github.com/openstack/neutron
Blast Radius: 13.8

Affected Packages

pypi:neutron
Dependent packages: 24
Dependent repositories: 134
Downloads: 32,561 last month
Affected Version Ranges: >= 18.0.0, < 18.1.1; >= 17.0.0, < 17.2.1; < 16.4.1
Fixed in: 18.1.1, 17.2.1, 16.4.1
All affected versions: 10.0.5, 10.0.6, 10.0.7, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.1.0, 12.1.1, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.1.0, 14.2.0, 14.3.0, 14.3.1, 14.4.0, 14.4.1, 14.4.2, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.2.0, 15.3.0, 15.3.1, 15.3.2, 15.3.3, 15.3.4, 16.0.0, 16.1.0, 16.2.0, 16.3.0, 16.3.1, 16.3.2, 16.4.0, 17.0.0, 17.1.0, 17.1.1, 17.1.2, 17.2.0, 18.0.0, 18.1.0
All unaffected versions: 16.4.1, 16.4.2, 17.2.1, 17.3.0, 17.4.0, 17.4.1, 18.1.1, 18.2.0, 18.3.0, 18.4.0, 18.5.0, 18.6.0, 19.0.0, 19.1.0, 19.2.0, 19.3.0, 19.4.0, 19.5.0, 19.6.0, 19.7.0, 20.0.0, 20.1.0, 20.2.0, 20.3.0, 20.3.1, 20.4.0, 20.5.0, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 22.0.0, 22.0.1, 22.0.2, 22.1.0, 22.2.0, 22.2.1, 23.0.0, 23.1.0, 23.2.0, 24.0.0, 24.0.1, 25.0.0