OSSA-2013-016: Unchecked user input in Swift XML responses

OSSA-2013-016: Unchecked user input in Swift XML responses¶

Date:: June 13, 2013
CVE:: CVE-2013-2161

Affects¶

Swift: All versions

Description¶

Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers. Account strings were unescaped in XML listings, and an attacker could potentially generate unparsable or arbitrary XML responses which may be used to leverage other vulnerabilities in the calling software.

Patches¶

https://review.openstack.org/#/c/32911 (Folsom)
https://review.openstack.org/#/c/32909 (Grizzly)
https://review.openstack.org/#/c/32905 (Havana)
https://review.openstack.org/#/c/32982 (Havana)

Credits¶

Alex Gaynor from Rackspace (CVE-2013-2161)

References¶

this page last updated: 2024-03-18 15:52:07

Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.