{"id":"CVE-2013-4179","details":"The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) via an XML Entity Expansion (XEE) attack.  NOTE: this issue is due to an incomplete fix for CVE-2013-1664.","aliases":["GHSA-j6xh-q826-55jw"],"modified":"2025-08-09T19:01:28Z","published":"2013-09-16T19:14:38Z","references":[{"type":"FIX","url":"http://rhn.redhat.com/errata/RHSA-2013-1199.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2005-1"},{"type":"EVIDENCE","url":"https://bugs.launchpad.net/ossa/+bug/1190229"}],"schema_version":"1.7.3"}