Lucene search

K
osvGoogleOSV:GHSA-J6XH-Q826-55JW
HistoryMay 17, 2022 - 4:58 a.m.

OpenStack Compute (Nova) vulnerable to denial of service via XML Entity Expansion attack

2022-05-1704:58:58
Google
osv.dev
14
openstack
nova
vulnerability
xml entity expansion
xee
attack
denial of service

EPSS

0.09

Percentile

94.6%

The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack. NOTE: this issue is due to an incomplete fix for CVE-2013-1664.