CVE-2014-7960: OpenStack Swift metadata constraints are not correctly enforced
(updated )
OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafted requests which exceed the limit when combined.
References
- bugs.launchpad.net/swift/+bug/1365350
- exchange.xforce.ibmcloud.com/vulnerabilities/96901
- github.com/advisories/GHSA-g6x3-55qv-x6p2
- github.com/openstack/swift
- github.com/openstack/swift/commit/06800cbe446ce4c937a57b69517b55c3bba9b6e1
- github.com/openstack/swift/commit/2c4622a28ea04e1c6b2382189b0a1f6cccdc9c0f
- github.com/openstack/swift/commit/5b2c27a5874c2b5b0a333e4955b03544f6a8119f
- nvd.nist.gov/vuln/detail/CVE-2014-7960
Detect and mitigate CVE-2014-7960 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →