CVE-2013-2161: OpenStack Swift Unchecked user input in XML responses

May 14, 2022 (updated May 14, 2024)

XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

References

bugs.launchpad.net/swift/+bug/1183884
github.com/advisories/GHSA-9xgv-6v35-mmcj
github.com/openstack/swift
github.com/openstack/swift/commit/6659382c4fa348e1ebbce2424968dd7267ea1db1
github.com/openstack/swift/commit/8f9b135e0a16478a628f20224ce5babe62d4aaba
nvd.nist.gov/vuln/detail/CVE-2013-2161

Detect and mitigate CVE-2013-2161 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →