Swift
Monthly
Denial of service in OpenStack Swift's s3api middleware allows an authenticated S3 API user to permanently hang proxy-server workers by sending a truncated aws-chunked PUT request body. Versions 2.36.0 through 2.36.1 and 2.37.0 through 2.37.1 are affected; the defect was introduced in 2.36.0 and fixed in 2.36.2 and 2.37.2. There is no public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the high availability impact and low attack complexity make this a credible operational threat to S3-compatible Swift deployments.
Denial of service in OpenStack Swift's s3api middleware allows an authenticated S3 API user to permanently hang proxy-server workers by sending a truncated aws-chunked PUT request body. Versions 2.36.0 through 2.36.1 and 2.37.0 through 2.37.1 are affected; the defect was introduced in 2.36.0 and fixed in 2.36.2 and 2.37.2. There is no public exploit identified at time of analysis, and EPSS is very low (0.04%, 12th percentile), but the high availability impact and low attack complexity make this a credible operational threat to S3-compatible Swift deployments.