CVE-2014-3497

Published: 20 June 2014

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

Priority

Medium

Status

Package Release Status
swift
Launchpad, Ubuntu, Debian
Upstream Pending
(2.0.0)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [1.13.1-0ubuntu1.1])
Patches:
Upstream: https://review.openstack.org/101031 (juno)
Upstream: https://review.openstack.org/101032 (icehouse)