13 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-49017
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInp...
DEBIAN-CVE-2026-49017
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...
UBUNTU-CVE-2026-49017
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...
CVE-2026-49017
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...
CVE-2026-49017
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty buffer and re-reads, causing the proxy-server worker handling the request to become permanently...
PT-2026-43476
Name of the Vulnerable Software and Affected Versions OpenStack Swift versions 2.36.0 through 2.36.1 OpenStack Swift versions 2.37.0 through 2.37.1 Description The s3api middleware contains a flaw where the StreamingInput class enters an infinite loop when processing a truncated aws-chunked PUT...
GHSA-V2CH-C8V8-FGR7 Versity panic induced by AWS chunked data sent to port
Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. Reproduction Setup versity server running on port 7071, no SSL for ease of packet tracing with tshark. Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070...
CVE-2021-21390
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guarante...
BIT-MINIO-2021-21390 MITM modification of request bodies in MinIO
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guarante...
CVE-2021-21390
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guarante...
Cross site request forgery (csrf)
MinIO is an open-source high performance object storage service and it is API compatible with Amazon S3 cloud storage service. In MinIO before version RELEASE.2021-03-17T02-33-02Z, there is a vulnerability which enables MITM modification of request bodies that are meant to have integrity guarante...
CVE-2021-21390
MinIO (open-source object storage) contains a PUT-mode vulnerability in aws-chunked encoding where the server may skip end-of-chunk signature verification if a forged chunk size is sent, enabling MITM modification of request bodies intended to be protected by chunk signatures. This affects releas...
minio -- MITM attack
minio developer report: This is a security issue because it enables MITM modification of request bodies that are meant to have integrity guaranteed by chunk signatures. In a PUT request using aws-chunked encoding, MinIO ordinarily verifies signatures at the end of a chunk. This check can be skipp...