Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/k3s@1.20.6.1-r0?arch=armv7&distroversion=v3.23&reponame=community
Type apk
Namespace alpine
Name k3s
Version 1.20.6.1-r0
Qualifiers
arch armv7
distroversion v3.23
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.21.1.1-r0
Latest_non_vulnerable_version 1.29.3.1-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-jgn7-651b-p3cm
vulnerability_id VCID-jgn7-651b-p3cm
summary
Access Restriction Bypass in kube-apiserver
A vulnerability in Kubernetes `kube-apiserver` could allow node updates to bypass a _Validating Admission Webhook_ and allow unauthorized node updates. The information that is provided to the admission controller could contain old configurations that overwrite values used for validation. Since the overwriting takes place before the validation, this could lead the admission controller to accept requests that should be blocked. The vulnerability can be exploited when an update action on node resources is performed and an admission controller is in place and configured to validate the action.

Users are only affected by this vulnerability if they are running a _Validating Admission Webhook_ for Nodes that denies admission based partially on the old state of the Node object. It only impacts validating admission plugins that rely on old values in certain fields and does not impact calls from kubelets that go through the built-in NodeRestriction admission plugin.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25735.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25735.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-25735
reference_id
reference_type
scores
0
value 0.14393
scoring_system epss
scoring_elements 0.94446
published_at 2026-04-24T12:55:00Z
1
value 0.14393
scoring_system epss
scoring_elements 0.94443
published_at 2026-04-18T12:55:00Z
2
value 0.14393
scoring_system epss
scoring_elements 0.94437
published_at 2026-04-16T12:55:00Z
3
value 0.14393
scoring_system epss
scoring_elements 0.94422
published_at 2026-04-13T12:55:00Z
4
value 0.14393
scoring_system epss
scoring_elements 0.9442
published_at 2026-04-11T12:55:00Z
5
value 0.14393
scoring_system epss
scoring_elements 0.94418
published_at 2026-04-09T12:55:00Z
6
value 0.14393
scoring_system epss
scoring_elements 0.94414
published_at 2026-04-08T12:55:00Z
7
value 0.14393
scoring_system epss
scoring_elements 0.94405
published_at 2026-04-07T12:55:00Z
8
value 0.14393
scoring_system epss
scoring_elements 0.94384
published_at 2026-04-01T12:55:00Z
9
value 0.14393
scoring_system epss
scoring_elements 0.94403
published_at 2026-04-04T12:55:00Z
10
value 0.14393
scoring_system epss
scoring_elements 0.94391
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-25735
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1937562
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=1937562
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25735
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25735
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
6
reference_url https://github.com/kubernetes/kubernetes/commit/00e81db174ef7aca497be5f42d87e46d14df2a90
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/00e81db174ef7aca497be5f42d87e46d14df2a90
7
reference_url https://github.com/kubernetes/kubernetes/issues/100096
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/100096
8
reference_url https://github.com/kubernetes/kubernetes/pull/99946
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/99946
9
reference_url https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/kubernetes-security-announce/c/FKAGqT4jx9Y
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-25735
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-25735
11
reference_url https://pkg.go.dev/k8s.io/kubernetes@v1.23.5/cmd/kube-apiserver
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/k8s.io/kubernetes@v1.23.5/cmd/kube-apiserver
12
reference_url https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://sysdig.com/blog/cve-2021-25735-kubernetes-admission-bypass
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793
reference_id 990793
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793
14
reference_url https://security.archlinux.org/AVG-1825
reference_id AVG-1825
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1825
15
reference_url https://access.redhat.com/errata/RHSA-2021:2437
reference_id RHSA-2021:2437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2437
fixed_packages
0
url pkg:apk/alpine/k3s@1.20.6.1-r0?arch=armv7&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/k3s@1.20.6.1-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.20.6.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community
aliases CVE-2021-25735, GHSA-g42g-737j-qx6j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jgn7-651b-p3cm
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/k3s@1.20.6.1-r0%3Farch=armv7&distroversion=v3.23&reponame=community