CVE-2013-1664: The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom…

medium5CVSS 3.1

AVNACLAuNCNINAP

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

Affected

34 ranges· showing 25

Vendor	Product	Version range	Fixed in
canonical	ubuntu_linux	—	—
debian	cinder	< cinder 2013.1.2-4 (bookworm)	cinder 2013.1.2-4 (bookworm)
debian	cinder	< cinder 2012.2.3-1 (bookworm)	cinder 2012.2.3-1 (bookworm)
debian	keystone	< cinder 2012.2.3-1 (bookworm)	cinder 2012.2.3-1 (bookworm)
debian	nova	< nova 2013.1.3-1 (bookworm)	nova 2013.1.3-1 (bookworm)
debian	nova	< cinder 2012.2.3-1 (bookworm)	cinder 2012.2.3-1 (bookworm)
djangoproject	django	>= 1.3.0 < 1.3.6	1.3.6
djangoproject	django	>= 1.4.0 < 1.4.4	1.4.4
openstack	cinder	>= 0 < 2012.2.3-1	2012.2.3-1
openstack	cinder	>= 0 < 2013.1.2-4	2013.1.2-4
openstack	cinder	>= 0 < 2012.2.3-1	2012.2.3-1
openstack	cinder	>= 0 < 2013.1.2-4	2013.1.2-4
openstack	cinder	>= 0 < 2012.2.3-1	2012.2.3-1
openstack	cinder	>= 0 < 2013.1.2-4	2013.1.2-4
openstack	cinder	>= 0 < 2012.2.3-1	2012.2.3-1
openstack	cinder	>= 0 < 2013.1.2-4	2013.1.2-4
openstack	cinder	>= 0 < 7.0.0a0	7.0.0a0
openstack	cinder	2013.1 – 2013.1.3	—
openstack	compute	—	—
openstack	havana	<= havana-2	—
openstack	havana	—	—
openstack	keystone	>= 0 < 2012.1.1-13	2012.1.1-13
openstack	keystone	>= 0 < 2012.1.1-13	2012.1.1-13
openstack	keystone	>= 0 < 2012.1.1-13	2012.1.1-13
openstack	keystone	>= 0 < 2012.1.1-13	2012.1.1-13

CVSS provenance

nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

ghsa5.0MEDIUM

osv5.0MEDIUM