OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote attackers to cause a denial of service (proxy-server resource consumption) via a series of interrupted requests to a Large Object URL.
{
"cpe": [
"cpe:2.3:a:openstack:swift:*:*:*:*:*:*:*:*",
"cpe:2.3:a:openstack:swift:2.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:openstack:swift:2.5.0:*:*:*:*:*:*:*"
],
"source": [
"CPE_RANGE",
"CPE_STRING"
],
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "2.3.0"
},
{
"introduced": "2.4.0"
},
{
"last_affected": "2.4.0"
},
{
"introduced": "2.5.0"
},
{
"last_affected": "2.5.0"
}
]
}