OpenStack Swift
13 CVEs affecting OpenStack Swift. Latest disclosed: 2026-05-27. Critical: 2, High: 2.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2017-16613 | Critical | 9.8 | 2017-11-21 | An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy serv… |
| CVE-2012-4406 | Critical | 9.8 | 2012-10-22 | OpenStack Object Storage (swift) before 1.7.0 uses the loads function in the pickle Python module unsafely when storing and loading metadata in memcached, whic… |
| CVE-2016-0738 | High | 7.5 | 2016-01-29 | OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x before 2.5.1 (Liberty) do not properly close server connections, which allows remote att… |
| CVE-2016-0737 | High | 7.5 | 2016-01-29 | OpenStack Object Storage (Swift) before 2.4.0 does not properly close client connections, which allows remote attackers to cause a denial of service (proxy-ser… |
| CVE-2026-49017 | | | 2026-05-27 | In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingIn… |
| CVE-2015-5223 | | | 2015-10-26 | OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an o… |
| CVE-2015-1856 | | | 2015-04-17 | OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by… |
| CVE-2014-7960 | | | 2014-10-17 | OpenStack Object Storage (Swift) before 2.2.0 allows remote authenticated users to bypass the max_meta_count and other metadata constraints via multiple crafte… |
| CVE-2014-3497 | | | 2014-07-03 | Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Au… |
| CVE-2013-6396 | | | 2014-02-18 | The OpenStack Python client library for Swift (python-swiftclient) 1.0 through 1.9.0 does not verify X.509 certificates from SSL servers, which allows man-in-t… |
| CVE-2014-0006 | | | 2014-01-23 | The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs… |
| CVE-2013-4155 | | | 2013-08-20 | OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Sw… |
| CVE-2013-1840 | | | 2013-03-22 | The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and Grizzly, when using the single-tenant Swift or S3 store, reports the location field, which… |