2 matches found
CVE-2022-47950
OpenStack Swift contains a vulnerability (CVE-2022-47950) where an authenticated user can supply crafted XML to the S3 API, causing it to disclose arbitrary host files. Affected are OpenStack Swift versions before 2.28.1, 2.29.x before 2.29.2, and 2.30.0, with impact on both s3api (Rocky...
CVE-2012-4406
OpenStack Swift prior to 1.7.0 is vulnerable: it uses the pickle loads function to serialize/deserialize metadata in memcached, enabling remote code execution via a crafted pickle object. Public advisories (RHSA-2012:1379) note that a fix exists but is not enabled by default; remediation involves...