CVE-2013-1664

Openstack Cinder Folsom < 1.3.6 - Memory Corruption

Title source: rule

Description

The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used in OpenStack Keystone Essex, Folsom, and Grizzly; Compute (Nova) Essex and Folsom; Cinder Folsom; Django; and possibly other products allow remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.

References (10)

Scores

EPSS 0.0394
EPSS Percentile 88.2%

Classification

CWE
CWE-119
Status draft

Affected Products (7)

openstack/cinder_folsom
openstack/compute_\(nova\)_essex
openstack/compute_\(nova\)_folsom
openstack/folsom
openstack/grizzly
openstack/keystone_essex
pypi/Django < 1.3.6PyPI

Timeline

Published Apr 03, 2013
Tracked Since Feb 18, 2026