Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/cri-o@1.20.2-6.rhaos4.7.gitf1d5201?arch=el7

Type rpm

Namespace redhat

Name cri-o

Version 1.20.2-6.rhaos4.7.gitf1d5201

Qualifiers

arch	el7

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-pqs8-s3dm-7ff2

vulnerability_id

VCID-pqs8-s3dm-7ff2

summary

Improper Locking in github.com/containers/storage
A deadlock vulnerability was found in `github.com/containers/storage` in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20291.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20291.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20291

reference_id

reference_type

scores

value	0.01026
scoring_system	epss
scoring_elements	0.77349
published_at	2026-04-24T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77286
published_at	2026-04-12T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77315
published_at	2026-04-21T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77323
published_at	2026-04-18T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77324
published_at	2026-04-16T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77283
published_at	2026-04-13T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77221
published_at	2026-04-01T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77228
published_at	2026-04-02T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77257
published_at	2026-04-04T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77239
published_at	2026-04-07T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.7727
published_at	2026-04-08T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77279
published_at	2026-04-09T12:55:00Z

value	0.01026
scoring_system	epss
scoring_elements	0.77306
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20291

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1939485

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1939485

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20291

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/containers/storage

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/storage

reference_url

https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1

reference_url

https://github.com/containers/storage/pull/860

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/storage/pull/860

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20291

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20291

reference_url

https://pkg.go.dev/vuln/GO-2021-0100

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2021-0100

reference_url

https://unit42.paloaltonetworks.com/cve-2021-20291

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://unit42.paloaltonetworks.com/cve-2021-20291

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988942
reference_id	988942
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988942

reference_url	https://access.redhat.com/errata/RHSA-2021:1150
reference_id	RHSA-2021:1150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1150

reference_url	https://access.redhat.com/errata/RHSA-2021:2438
reference_id	RHSA-2021:2438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2438

reference_url	https://access.redhat.com/errata/RHSA-2021:4154
reference_id	RHSA-2021:4154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4154

reference_url	https://access.redhat.com/errata/RHSA-2022:7954
reference_id	RHSA-2022:7954
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7954

reference_url	https://access.redhat.com/errata/RHSA-2022:7955
reference_id	RHSA-2022:7955
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7955

fixed_packages

aliases

CVE-2021-20291, GHSA-7qw8-847f-pggm

risk_score

3.1

exploitability

0.5

weighted_severity

6.2

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-pqs8-s3dm-7ff2

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.20.2-6.rhaos4.7.gitf1d5201%3Farch=el7

Package Instance