Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jcHgzLTY5NnAtM2N3Oc4AApzZ
OpenStack Neutron Denial of Service vulnerability
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
Permalink: https://github.com/advisories/GHSA-cpx3-696p-3cw9JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jcHgzLTY5NnAtM2N3Oc4AApzZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 2 years ago
Updated: 18 days ago
CVSS Score: 6.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Identifiers: GHSA-cpx3-696p-3cw9, CVE-2021-40797
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-40797
- https://launchpad.net/bugs/1942179
- https://security.openstack.org/ossa/OSSA-2021-006.html
- http://www.openwall.com/lists/oss-security/2021/09/09/2
- https://github.com/openstack/neutron/commit/e610a5eb9e71aa2549fb11e2139370d227787da2
- https://github.com/pypa/advisory-database/tree/main/vulns/neutron/PYSEC-2021-329.yaml
- https://github.com/advisories/GHSA-cpx3-696p-3cw9
Blast Radius: 13.8
Affected Packages
pypi:neutron
Dependent packages: 24Dependent repositories: 134
Downloads: 32,561 last month
Affected Version Ranges: >= 18.0.0, < 18.1.1, >= 17.0.0, < 17.2.1, < 16.4.1
Fixed in: 18.1.1, 17.2.1, 16.4.1
All affected versions: 10.0.5, 10.0.6, 10.0.7, 11.0.3, 11.0.4, 11.0.5, 11.0.6, 11.0.7, 11.0.8, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.1.0, 12.1.1, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.1.0, 14.2.0, 14.3.0, 14.3.1, 14.4.0, 14.4.1, 14.4.2, 15.0.0, 15.0.1, 15.0.2, 15.1.0, 15.2.0, 15.3.0, 15.3.1, 15.3.2, 15.3.3, 15.3.4, 16.0.0, 16.1.0, 16.2.0, 16.3.0, 16.3.1, 16.3.2, 16.4.0, 17.0.0, 17.1.0, 17.1.1, 17.1.2, 17.2.0, 18.0.0, 18.1.0
All unaffected versions: 16.4.1, 16.4.2, 17.2.1, 17.3.0, 17.4.0, 17.4.1, 18.1.1, 18.2.0, 18.3.0, 18.4.0, 18.5.0, 18.6.0, 19.0.0, 19.1.0, 19.2.0, 19.3.0, 19.4.0, 19.5.0, 19.6.0, 19.7.0, 20.0.0, 20.1.0, 20.2.0, 20.3.0, 20.3.1, 20.4.0, 20.5.0, 21.0.0, 21.1.0, 21.1.1, 21.1.2, 21.2.0, 21.2.1, 22.0.0, 22.0.1, 22.0.2, 22.1.0, 22.2.0, 22.2.1, 23.0.0, 23.1.0, 23.2.0, 24.0.0, 24.0.1, 25.0.0