{"id":"PYSEC-2021-361","details":"An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value.","aliases":["CVE-2021-40085","GHSA-fh73-gjvg-349c"],"modified":"2024-02-23T21:57:00.053545Z","published":"2021-08-31T18:15:00Z","references":[{"type":"WEB","url":"https://security.openstack.org/ossa/OSSA-2021-005.html"},{"type":"WEB","url":"https://launchpad.net/bugs/1939733"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2021/08/31/2"}],"affected":[{"package":{"name":"neutron","ecosystem":"PyPI","purl":"pkg:pypi/neutron"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.4.1"},{"introduced":"17.0.0"},{"fixed":"17.2.1"},{"introduced":"18.0.0"},{"fixed":"18.1.1"}]}],"versions":["0.0","10.0.5","10.0.6","10.0.7","11.0.3","11.0.4","11.0.5","11.0.6","11.0.7","11.0.8","12.0.0","12.0.0.0b3","12.0.0.0rc1","12.0.0.0rc2","12.0.1","12.0.2","12.0.3","12.0.4","12.0.5","12.0.6","12.1.0","12.1.1","13.0.0","13.0.0.0b1","13.0.0.0b2","13.0.0.0b3","13.0.0.0rc1","13.0.0.0rc2","13.0.1","13.0.2","13.0.3","13.0.4","13.0.5","13.0.6","13.0.7","14.0.0","14.0.0.0b1","14.0.0.0b2","14.0.0.0b3","14.0.0.0rc1","14.0.1","14.0.2","14.0.3","14.0.4","14.1.0","14.2.0","14.3.0","14.3.1","14.4.0","14.4.1","14.4.2","15.0.0","15.0.0.0b1","15.0.0.0rc1","15.0.0.0rc2","15.0.1","15.0.2","15.1.0","15.2.0","15.3.0","15.3.1","15.3.2","15.3.3","15.3.4","16.0.0","16.0.0.0b1","16.0.0.0rc1","16.0.0.0rc2","16.1.0","16.2.0","16.3.0","16.3.1","16.3.2","16.4.0","17.0.0","17.1.0","17.1.1","17.1.2","17.2.0","18.0.0","18.1.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/neutron/PYSEC-2021-361.yaml"}}],"schema_version":"1.7.3"}