This document is for a development version of Ceph.

CVE-2021-3531: Swift API denial of service

Unauthenticated users of the Swift API can trigger a server-side assertion with a malformed URL, leading to a denial of service.

Affected versions

  • Nautilus v14.2.0 and later

Fixed versions

  • Pacific v16.2.4 (and later)

  • Octopus v15.2.12 (and later)

  • Nautilus v14.2.21 (and later)


All users of Ceph object storage (RGW) should upgrade.

Brought to you by the Ceph Foundation

The Ceph Documentation is a community resource funded and hosted by the non-profit Ceph Foundation. If you would like to support this and our other efforts, please consider joining now.