CVE-2021-40797

Missing Release of Resource after Effective Lifetime in pypi/neutron

Identifiers

CVE-2021-40797

Package Slug

pypi/neutron

Vulnerability

Missing Release of Resource after Effective Lifetime

Description

By making API requests involving nonexistent controllers, an authenticated user may cause the API worker to consume increasing amounts of memory, resulting in API performance degradation or denial of service.

Affected Versions

All versions before 16.4.1, all versions starting from 17.0.0 before 17.2.1, all versions starting from 18.0.0 before 18.1.1

Solution

Upgrade to versions 16.4.1, 17.2.1, 18.1.1 or above.

Last Modified

2021-09-16

source