GHSA-r3jh-qhgj-gvr8

Source

https://github.com/advisories/GHSA-r3jh-qhgj-gvr8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-r3jh-qhgj-gvr8/GHSA-r3jh-qhgj-gvr8.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-r3jh-qhgj-gvr8

Aliases

CVE-2023-3637

Published

2023-07-25T15:30:25Z

Modified

2024-02-16T08:03:23.431466Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Denial of service in neutron

Details

An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.

Database specific

{
    "nvd_published_at": "2023-07-25T13:15:10Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-25T19:24:57Z"
}

References

Affected packages

PyPI / neutron

Package

Name: neutron; View open source insights on deps.dev
Purl: pkg:pypi/neutron

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

22.0.2

Affected versions

0.*

0.0

10.*

10.0.5

10.0.6

10.0.7

11.*

11.0.3

11.0.4

11.0.5

11.0.6

11.0.7

11.0.8

12.*

12.0.0.0b3

12.0.0.0rc1

12.0.0.0rc2

12.0.0

12.0.1

12.0.2

12.0.3

12.0.4

12.0.5

12.0.6

12.1.0

12.1.1

13.*

13.0.0.0b1

13.0.0.0b2

13.0.0.0b3

13.0.0.0rc1

13.0.0.0rc2

13.0.0

13.0.1

13.0.2

13.0.3

13.0.4

13.0.5

13.0.6

13.0.7

14.*

14.0.0.0b1

14.0.0.0b2

14.0.0.0b3

14.0.0.0rc1

14.0.0

14.0.1

14.0.2

14.0.3

14.0.4

14.1.0

14.2.0

14.3.0

14.3.1

14.4.0

14.4.1

14.4.2

15.*

15.0.0.0b1

15.0.0.0rc1

15.0.0.0rc2

15.0.0

15.0.1

15.0.2

15.1.0

15.2.0

15.3.0

15.3.1

15.3.2

15.3.3

15.3.4

16.*

16.0.0.0b1

16.0.0.0rc1

16.0.0.0rc2

16.0.0

16.1.0

16.2.0

16.3.0

16.3.1

16.3.2

16.4.0

16.4.1

16.4.2

17.*

17.0.0.0rc1

17.0.0.0rc2

17.0.0

17.1.0

17.1.1

17.1.2

17.2.0

17.2.1

17.3.0

17.4.0

17.4.1

18.*

18.0.0.0rc1

18.0.0.0rc2

18.0.0

18.1.0

18.1.1

18.2.0

18.3.0

18.4.0

18.5.0

18.6.0

19.*

19.0.0.0rc1

19.0.0.0rc2

19.0.0

19.1.0

19.2.0

19.3.0

19.4.0

19.5.0

19.6.0

19.7.0

20.*

20.0.0.0rc1

20.0.0.0rc2

20.0.0

20.1.0

20.2.0

20.3.0

20.3.1

20.4.0

20.5.0

21.*

21.0.0.0rc1

21.0.0.0rc2

21.0.0

21.1.0

21.1.1

21.1.2

21.2.0

22.*

22.0.0.0rc1

22.0.0.0rc2

22.0.0

22.0.1

22.0.2

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/07/GHSA-r3jh-qhgj-gvr8/GHSA-r3jh-qhgj-gvr8.json"