XML injection vulnerability in account/utils.py in OpenStack Swift Folsom, Grizzly, and Havana allows attackers to trigger invalid or spoofed Swift responses via an account name.

References

• https://nvd.nist.gov/vuln/detail/CVE-2013-2161
• https://bugs.launchpad.net/swift/+bug/1183884
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00021.html
• http://rhn.redhat.com/errata/RHSA-2013-0993.html
• http://www.debian.org/security/2012/dsa-2737
• http://www.openwall.com/lists/oss-security/2013/06/13/4
• openstack/swift@6659382
• openstack/swift@8f9b135
• http://github.com/openstack/swift/commit/4eed6bf5b5028409f730be97ddcfb6bfa893c976
• http://github.com/openstack/swift/commit/92d7eadd328797d392758c79e258c8455874c80e