Notice

This document is for a development version of Ceph.

Report a Documentation Bug

CVE-2021-3531: Swift API denial of service

• NIST information page

Unauthenticated users of the Swift API can trigger a server-side assertion with a malformed URL, leading to a denial of service.

Affected versions

• Nautilus v14.2.0 and later

Fixed versions

• Pacific v16.2.4 (and later)

• Octopus v15.2.12 (and later)

• Nautilus v14.2.21 (and later)

Recommendations

All users of Ceph object storage (RGW) should upgrade.

Brought to you by the Ceph Foundation

The Ceph Documentation is a community resource funded and hosted by the non-profit Ceph Foundation. If you would like to support this and our other efforts, please consider joining now.