Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: glanceclient

Found 1 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2026-34881
5.0 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 4 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 weeks ago
  • @LeSuisse dismissed (not in Nixpkgs) 4 weeks ago
OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side …

OpenStack Glance <29.1.1, >=30.0.0 <30.1.1, ==31.0.0 is affected by Server-Side Request Forgery (SSRF). By use of HTTP redirects, an authenticated user can bypass URL validation checks and redirect to internal services. Only glance image import functionality is affected. In particular, the web-download and glance-download import methods are subject to this vulnerability, as is the optional (not enabled by default) ovf_process image import plugin.

Affected products

Glance
  • <30.1.1
  • <29.1.1
  • ==31.0.0

Matching in nixpkgs

pkgs.glance

Self-hosted dashboard that puts all your feeds in one place

pkgs.h5glance

Explore HDF5 files in terminal & HTML views

  • nixos-unstable 0.9
    • nixpkgs-unstable 0.9
    • nixos-unstable-small 0.9
  • nixos-25.11 0.9
    • nixos-25.11-small 0.9
    • nixpkgs-25.11-darwin 0.9

Package maintainers