PYSEC-2014-97

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-libcloud/PYSEC-2014-97.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2014-97

Aliases

CVE-2013-6480
GHSA-g892-9h8m-r69r

Published

2014-01-07T18:55:00Z

Modified

2024-02-23T21:13:25.455840Z

Summary

[none]

Details

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

References

https://digitalocean.com/blog_posts/transparency-regarding-data-security
http://libcloud.apache.org/security.html
https://github.com/fog/fog/issues/2525
http://www.securityfocus.com/bid/64617
http://lists.opensuse.org/opensuse-updates/2014-02/msg00015.html
http://www.securityfocus.com/archive/1/530624/100/0/threaded

Affected packages

PyPI / apache-libcloud

Package

Name: apache-libcloud; View open source insights on deps.dev
Purl: pkg:pypi/apache-libcloud

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0.12.3

Fixed

0.13.3

Affected versions

0.*

0.12.3

0.12.4

0.13.0

0.13.1

0.13.2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/apache-libcloud/PYSEC-2014-97.yaml"