CVE-2021-40797 – neutron
Package
Manager: pip
Name: neutron
Vulnerable Version: >=0 <16.4.1 || >=17.0.0 <17.2.1 || >=18.0.0 <18.1.1
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00467 (percentile: 0.63509)
Details
OpenStack Neutron Denial of Service vulnerability
An issue was discovered in the routes middleware in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.
Metadata
Created: 2022-05-24T19:13:19Z
Modified: 2024-09-25T17:55:07Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cpx3-696p-3cw9/GHSA-cpx3-696p-3cw9.json
CWE IDs: ["CWE-772"]
Alternative ID: GHSA-cpx3-696p-3cw9
Finding: F067
Auto approve: 1