Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/atomic-openshift@3.11.154-1.git.0.7a097ad?arch=el7
Typerpm
Namespaceredhat
Nameatomic-openshift
Version3.11.154-1.git.0.7a097ad
Qualifiers
arch el7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-2ej9-nn86-7bet
vulnerability_id VCID-2ej9-nn86-7bet
summary 
Kubernetes kubectl cp Vulnerable to Symlink Attack
The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, and 1.15.4 allows a combination of two symlinks provided by tar output of a malicious container to place a file outside of the destination directory specified in the kubectl cp invocation. This could be used to allow an attacker to place a nefarious file using a symlink, outside of the destination tree.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11251.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11251.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11251
reference_id
reference_type
scores
0
value 0.03448
scoring_system epss
scoring_elements 0.87523
published_at 2026-04-18T12:55:00Z
1
value 0.03448
scoring_system epss
scoring_elements 0.87521
published_at 2026-04-21T12:55:00Z
2
value 0.03448
scoring_system epss
scoring_elements 0.87506
published_at 2026-04-13T12:55:00Z
3
value 0.03448
scoring_system epss
scoring_elements 0.8751
published_at 2026-04-12T12:55:00Z
4
value 0.03448
scoring_system epss
scoring_elements 0.87514
published_at 2026-04-11T12:55:00Z
5
value 0.03448
scoring_system epss
scoring_elements 0.87503
published_at 2026-04-09T12:55:00Z
6
value 0.03448
scoring_system epss
scoring_elements 0.87496
published_at 2026-04-08T12:55:00Z
7
value 0.03448
scoring_system epss
scoring_elements 0.87452
published_at 2026-04-01T12:55:00Z
8
value 0.03448
scoring_system epss
scoring_elements 0.87477
published_at 2026-04-07T12:55:00Z
9
value 0.03448
scoring_system epss
scoring_elements 0.87476
published_at 2026-04-04T12:55:00Z
10
value 0.03448
scoring_system epss
scoring_elements 0.87462
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11251
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/kubernetes/kubernetes/issues/87773
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/87773
4
reference_url https://github.com/kubernetes/kubernetes/pull/82143
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/82143
5
reference_url https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11251
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11251
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1753495
reference_id 1753495
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1753495
8
reference_url https://access.redhat.com/errata/RHSA-2019:3266
reference_id RHSA-2019:3266
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3266
9
reference_url https://access.redhat.com/errata/RHSA-2019:3267
reference_id RHSA-2019:3267
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3267
fixed_packages
aliases CVE-2019-11251, GHSA-6qfg-8799-r575
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ej9-nn86-7bet
1
url VCID-9s34-1nd8-f7ee
vulnerability_id VCID-9s34-1nd8-f7ee
summary 
XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

### Specific Go Packages Affected
k8s.io/kubernetes/pkg/apiserver
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3239
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3239
1
reference_url https://access.redhat.com/errata/RHSA-2019:3811
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3811
2
reference_url https://access.redhat.com/errata/RHSA-2019:3905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3905
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
reference_id
reference_type
scores
0
value 0.83793
scoring_system epss
scoring_elements 0.99291
published_at 2026-04-08T12:55:00Z
1
value 0.83793
scoring_system epss
scoring_elements 0.99296
published_at 2026-04-18T12:55:00Z
2
value 0.83793
scoring_system epss
scoring_elements 0.99295
published_at 2026-04-16T12:55:00Z
3
value 0.83793
scoring_system epss
scoring_elements 0.99294
published_at 2026-04-21T12:55:00Z
4
value 0.83793
scoring_system epss
scoring_elements 0.99293
published_at 2026-04-13T12:55:00Z
5
value 0.83793
scoring_system epss
scoring_elements 0.99292
published_at 2026-04-09T12:55:00Z
6
value 0.83793
scoring_system epss
scoring_elements 0.99285
published_at 2026-04-01T12:55:00Z
7
value 0.83793
scoring_system epss
scoring_elements 0.99286
published_at 2026-04-02T12:55:00Z
8
value 0.83793
scoring_system epss
scoring_elements 0.99288
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
8
reference_url https://github.com/kubernetes/kubernetes/issues/83253
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/83253
9
reference_url https://github.com/kubernetes/kubernetes/pull/83261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/83261
10
reference_url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
11
reference_url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
13
reference_url https://pkg.go.dev/vuln/GO-2022-0703
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0703
14
reference_url https://security.netapp.com/advisory/ntap-20191031-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191031-0006
15
reference_url https://security.netapp.com/advisory/ntap-20191031-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191031-0006/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
reference_id 1757701
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/errata/RHSA-2019:3132
reference_id RHSA-2019:3132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3132
22
reference_url https://access.redhat.com/errata/RHSA-2020:2795
reference_id RHSA-2020:2795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2795
23
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
24
reference_url https://access.redhat.com/errata/RHSA-2020:2799
reference_id RHSA-2020:2799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2799
25
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
26
reference_url https://access.redhat.com/errata/RHSA-2020:2863
reference_id RHSA-2020:2863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2863
27
reference_url https://access.redhat.com/errata/RHSA-2020:2870
reference_id RHSA-2020:2870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2870
28
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
fixed_packages
aliases CVE-2019-11253, GHSA-pmqp-h87c-mr78
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9s34-1nd8-f7ee
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.154-1.git.0.7a097ad%3Farch=el7