{"id":"PYSEC-2026-650","summary":"OpenStack Keystone Denial of Service vulnerability via a large HTTP request","details":"OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token.","aliases":["CVE-2013-0270","GHSA-4ppj-4p4v-jf4p"],"modified":"2026-07-06T08:00:46.216431837Z","published":"2026-07-02T14:13:22.017502Z","references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2013-0270"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/7691276b869a86c2b75631d5bede9f61e030d9d8"},{"type":"WEB","url":"https://github.com/openstack/keystone/commit/82c87e5638ebaf9f166a9b07a0155291276d6fdc"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2013-0270"},{"type":"WEB","url":"https://bugs.launchpad.net/keystone/+bug/1099025"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=909012"},{"type":"WEB","url":"https://launchpad.net/keystone/grizzly/2013.1"},{"type":"WEB","url":"http://rhn.redhat.com/errata/RHSA-2013-0708.html"},{"type":"PACKAGE","url":"https://pypi.org/project/keystone"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-4ppj-4p4v-jf4p"}],"affected":[{"package":{"name":"keystone","ecosystem":"PyPI","purl":"pkg:pypi/keystone"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.0.0a0"}]}],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/keystone/PYSEC-2026-650.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}