Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
Type deb
Namespace debian
Name docker.io
Version 20.10.5+dfsg1-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 20.10.24+dfsg1-1
Latest_non_vulnerable_version 26.1.5+dfsg1-9
Affected_by_vulnerabilities
0
url VCID-3eju-5upk-auhy
vulnerability_id VCID-3eju-5upk-auhy
summary
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
## Impact
A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.

## Patches
This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

## Workarounds
Ensure you only run trusted containers.

## Credits
The Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).

## For more information
If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at security@docker.com if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41089
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.08744
published_at 2026-04-21T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08592
published_at 2026-04-18T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08605
published_at 2026-04-16T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08679
published_at 2026-04-02T12:55:00Z
4
value 0.00031
scoring_system epss
scoring_elements 0.0873
published_at 2026-04-12T12:55:00Z
5
value 0.00031
scoring_system epss
scoring_elements 0.08753
published_at 2026-04-11T12:55:00Z
6
value 0.00031
scoring_system epss
scoring_elements 0.08752
published_at 2026-04-09T12:55:00Z
7
value 0.00031
scoring_system epss
scoring_elements 0.08728
published_at 2026-04-08T12:55:00Z
8
value 0.00031
scoring_system epss
scoring_elements 0.08651
published_at 2026-04-07T12:55:00Z
9
value 0.00031
scoring_system epss
scoring_elements 0.08652
published_at 2026-04-01T12:55:00Z
10
value 0.00031
scoring_system epss
scoring_elements 0.08727
published_at 2026-04-04T12:55:00Z
11
value 0.00031
scoring_system epss
scoring_elements 0.08715
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41089
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41089
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41089
11
reference_url https://pkg.go.dev/vuln/GO-2024-2913
reference_id
reference_type
scores
0
value 2.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2024-2913
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2008592
reference_id 2008592
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2008592
13
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
14
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
15
reference_url https://usn.ubuntu.com/5103-1/
reference_id USN-5103-1
reference_type
scores
url https://usn.ubuntu.com/5103-1/
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6tg9-3vhh-muae
3
vulnerability VCID-8e1u-z6kg-ryhc
4
vulnerability VCID-avqu-wswg-c3ga
5
vulnerability VCID-b2qe-8u58-2qck
6
vulnerability VCID-bzeb-kj67-vfds
7
vulnerability VCID-e82r-vc77-f7bz
8
vulnerability VCID-njcw-wc13-dqcz
9
vulnerability VCID-quyf-eq2s-dbda
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2
aliases CVE-2021-41089, GHSA-v994-f8vw-g7j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy
1
url VCID-41ft-14gt-bbbq
vulnerability_id VCID-41ft-14gt-bbbq
summary
Authz zero length regression
A security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.

### Impact

Using a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.


A security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019, the fix was not carried forward to later major versions, resulting in a regression. Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.

Docker EE v19.03.x and all versions of Mirantis Container Runtime **are not vulnerable.**

### Vulnerability details

- **AuthZ bypass and privilege escalation:** An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly.
- **Initial fix:** The issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019.
- **Regression:** The fix was not included in Docker Engine v19.03 or newer versions. This was identified in April 2024 and patches were released for the affected versions on July 23, 2024. The issue was assigned [CVE-2024-41110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110).

### Patches

- docker-ce v27.1.1 contains patches to fix the vulnerability.
- Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches.

### Remediation steps

- If you are running an affected version, update to the most recent patched version.
- Mitigation if unable to update immediately:
    - Avoid using AuthZ plugins.
    - Restrict access to the Docker API to trusted parties, following the principle of least privilege.


### References

- https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-41110
reference_id
reference_type
scores
0
value 0.03417
scoring_system epss
scoring_elements 0.87459
published_at 2026-04-21T12:55:00Z
1
value 0.04028
scoring_system epss
scoring_elements 0.88501
published_at 2026-04-16T12:55:00Z
2
value 0.04028
scoring_system epss
scoring_elements 0.88486
published_at 2026-04-13T12:55:00Z
3
value 0.04028
scoring_system epss
scoring_elements 0.88487
published_at 2026-04-12T12:55:00Z
4
value 0.04028
scoring_system epss
scoring_elements 0.88484
published_at 2026-04-09T12:55:00Z
5
value 0.04028
scoring_system epss
scoring_elements 0.88497
published_at 2026-04-18T12:55:00Z
6
value 0.04028
scoring_system epss
scoring_elements 0.88494
published_at 2026-04-11T12:55:00Z
7
value 0.04028
scoring_system epss
scoring_elements 0.8844
published_at 2026-04-02T12:55:00Z
8
value 0.04028
scoring_system epss
scoring_elements 0.88455
published_at 2026-04-04T12:55:00Z
9
value 0.04028
scoring_system epss
scoring_elements 0.88459
published_at 2026-04-07T12:55:00Z
10
value 0.04028
scoring_system epss
scoring_elements 0.88478
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-41110
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
5
reference_url https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191
6
reference_url https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76
7
reference_url https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919
8
reference_url https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b
9
reference_url https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0
10
reference_url https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1
11
reference_url https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00
12
reference_url https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f
13
reference_url https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801
14
reference_url https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb
15
reference_url https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-41110
reference_id
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-41110
17
reference_url https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/
url https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2299720
reference_id 2299720
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2299720
19
reference_url https://access.redhat.com/errata/RHSA-2025:3714
reference_id RHSA-2025:3714
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3714
20
reference_url https://usn.ubuntu.com/7161-1/
reference_id USN-7161-1
reference_type
scores
url https://usn.ubuntu.com/7161-1/
21
reference_url https://usn.ubuntu.com/7161-2/
reference_id USN-7161-2
reference_type
scores
url https://usn.ubuntu.com/7161-2/
22
reference_url https://usn.ubuntu.com/7161-3/
reference_id USN-7161-3
reference_type
scores
url https://usn.ubuntu.com/7161-3/
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1
aliases CVE-2024-41110, GHSA-v23v-6jw2-98fq
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41ft-14gt-bbbq
2
url VCID-bhju-575k-ebh3
vulnerability_id VCID-bhju-575k-ebh3
summary
Docker CLI leaks private registry credentials to registry-1.docker.io
## Impact

A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry.

## Patches

This bug has been fixed in Docker CLI 20.10.9.  Users should update to this version as soon as possible.

## Workarounds

Ensure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.

## For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/docker/cli/issues/new/choose)
* Email us at security@docker.com if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41092
reference_id
reference_type
scores
0
value 0.00077
scoring_system epss
scoring_elements 0.22948
published_at 2026-04-21T12:55:00Z
1
value 0.00077
scoring_system epss
scoring_elements 0.22923
published_at 2026-04-01T12:55:00Z
2
value 0.00077
scoring_system epss
scoring_elements 0.23089
published_at 2026-04-02T12:55:00Z
3
value 0.00077
scoring_system epss
scoring_elements 0.23134
published_at 2026-04-04T12:55:00Z
4
value 0.00077
scoring_system epss
scoring_elements 0.22925
published_at 2026-04-07T12:55:00Z
5
value 0.00077
scoring_system epss
scoring_elements 0.22998
published_at 2026-04-08T12:55:00Z
6
value 0.00077
scoring_system epss
scoring_elements 0.2305
published_at 2026-04-09T12:55:00Z
7
value 0.00077
scoring_system epss
scoring_elements 0.2307
published_at 2026-04-11T12:55:00Z
8
value 0.00077
scoring_system epss
scoring_elements 0.23034
published_at 2026-04-12T12:55:00Z
9
value 0.00077
scoring_system epss
scoring_elements 0.22977
published_at 2026-04-13T12:55:00Z
10
value 0.00077
scoring_system epss
scoring_elements 0.22991
published_at 2026-04-16T12:55:00Z
11
value 0.00077
scoring_system epss
scoring_elements 0.22984
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41092
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
6
reference_url https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41092
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41092
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023449
reference_id 2023449
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023449
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292
reference_id 998292
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292
12
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
13
reference_url https://usn.ubuntu.com/5134-1/
reference_id USN-5134-1
reference_type
scores
url https://usn.ubuntu.com/5134-1/
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6tg9-3vhh-muae
3
vulnerability VCID-8e1u-z6kg-ryhc
4
vulnerability VCID-avqu-wswg-c3ga
5
vulnerability VCID-b2qe-8u58-2qck
6
vulnerability VCID-bzeb-kj67-vfds
7
vulnerability VCID-e82r-vc77-f7bz
8
vulnerability VCID-njcw-wc13-dqcz
9
vulnerability VCID-quyf-eq2s-dbda
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2
aliases CVE-2021-41092, GHSA-99pg-grm5-qq3v
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bhju-575k-ebh3
3
url VCID-e9ng-x516-53cf
vulnerability_id VCID-e9ng-x516-53cf
summary
Moby (Docker Engine) Insufficiently restricted permissions on data directory
## Impact

A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.  When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs.  When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.

## Patches

This bug has been fixed in Moby (Docker Engine) 20.10.9.  Users should update to this version as soon as possible.  Running containers should be stopped and restarted for the permissions to be fixed.

## Workarounds

Limit access to the host to trusted users.  Limit access to host volumes to trusted containers.

## Credits

The Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).

## For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at security@docker.com if you think you’ve found a security bug
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41091
reference_id
reference_type
scores
0
value 0.04746
scoring_system epss
scoring_elements 0.89438
published_at 2026-04-21T12:55:00Z
1
value 0.04746
scoring_system epss
scoring_elements 0.8943
published_at 2026-04-11T12:55:00Z
2
value 0.04746
scoring_system epss
scoring_elements 0.89429
published_at 2026-04-12T12:55:00Z
3
value 0.04746
scoring_system epss
scoring_elements 0.89424
published_at 2026-04-13T12:55:00Z
4
value 0.04746
scoring_system epss
scoring_elements 0.8944
published_at 2026-04-16T12:55:00Z
5
value 0.04746
scoring_system epss
scoring_elements 0.89441
published_at 2026-04-18T12:55:00Z
6
value 0.0558
scoring_system epss
scoring_elements 0.90259
published_at 2026-04-02T12:55:00Z
7
value 0.0558
scoring_system epss
scoring_elements 0.90298
published_at 2026-04-09T12:55:00Z
8
value 0.0558
scoring_system epss
scoring_elements 0.90291
published_at 2026-04-08T12:55:00Z
9
value 0.0558
scoring_system epss
scoring_elements 0.90276
published_at 2026-04-07T12:55:00Z
10
value 0.0558
scoring_system epss
scoring_elements 0.90256
published_at 2026-04-01T12:55:00Z
11
value 0.0558
scoring_system epss
scoring_elements 0.90272
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41091
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
6
reference_url https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64
7
reference_url https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41091
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41091
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2023448
reference_id 2023448
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2023448
12
reference_url https://security.archlinux.org/AVG-2440
reference_id AVG-2440
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2440
13
reference_url https://security.gentoo.org/glsa/202409-29
reference_id GLSA-202409-29
reference_type
scores
url https://security.gentoo.org/glsa/202409-29
fixed_packages
0
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1sky-21r5-3qcu
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6tg9-3vhh-muae
3
vulnerability VCID-8e1u-z6kg-ryhc
4
vulnerability VCID-avqu-wswg-c3ga
5
vulnerability VCID-b2qe-8u58-2qck
6
vulnerability VCID-bzeb-kj67-vfds
7
vulnerability VCID-e82r-vc77-f7bz
8
vulnerability VCID-njcw-wc13-dqcz
9
vulnerability VCID-quyf-eq2s-dbda
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2
aliases CVE-2021-41091, GHSA-3fwx-pjgw-3558
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf
Fixing_vulnerabilities
0
url VCID-6vru-hsfs-rufg
vulnerability_id VCID-6vru-hsfs-rufg
summary
Multiple vulnerabilities have been found in containerd, the worst of which could result in privilege escalation.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15257
reference_id
reference_type
scores
0
value 0.11147
scoring_system epss
scoring_elements 0.93475
published_at 2026-04-13T12:55:00Z
1
value 0.11147
scoring_system epss
scoring_elements 0.93501
published_at 2026-04-18T12:55:00Z
2
value 0.11147
scoring_system epss
scoring_elements 0.93495
published_at 2026-04-16T12:55:00Z
3
value 0.11147
scoring_system epss
scoring_elements 0.93442
published_at 2026-04-01T12:55:00Z
4
value 0.11147
scoring_system epss
scoring_elements 0.9345
published_at 2026-04-02T12:55:00Z
5
value 0.11147
scoring_system epss
scoring_elements 0.93458
published_at 2026-04-07T12:55:00Z
6
value 0.11147
scoring_system epss
scoring_elements 0.93466
published_at 2026-04-08T12:55:00Z
7
value 0.11147
scoring_system epss
scoring_elements 0.9347
published_at 2026-04-09T12:55:00Z
8
value 0.11997
scoring_system epss
scoring_elements 0.93802
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15257
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad
8
reference_url https://github.com/containerd/containerd/releases/tag/v1.4.3
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.4.3
9
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15257
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15257
12
reference_url https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again
13
reference_url https://security.gentoo.org/glsa/202105-33
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202105-33
14
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
15
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1899487
reference_id 1899487
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1899487
16
reference_url https://security.archlinux.org/ASA-202012-8
reference_id ASA-202012-8
reference_type
scores
url https://security.archlinux.org/ASA-202012-8
17
reference_url https://security.archlinux.org/AVG-1309
reference_id AVG-1309
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1309
18
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
19
reference_url https://usn.ubuntu.com/4653-1/
reference_id USN-4653-1
reference_type
scores
url https://usn.ubuntu.com/4653-1/
20
reference_url https://usn.ubuntu.com/4653-2/
reference_id USN-4653-2
reference_type
scores
url https://usn.ubuntu.com/4653-2/
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2020-15257, GHSA-36xw-fx78-c5r4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6vru-hsfs-rufg
1
url VCID-gbw6-3a59-mbhu
vulnerability_id VCID-gbw6-3a59-mbhu
summary
containerd v1.2.x can be coerced into leaking credentials during image pull
## Impact

If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.

If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.

The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.

This vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.

## Patches

This vulnerability has been fixed in containerd 1.2.14.  containerd 1.3 and later are not affected.

## Workarounds

If you are using containerd 1.3 or later, you are not affected.  If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.  Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.

## Credits

The containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md).
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15157
reference_id
reference_type
scores
0
value 0.00777
scoring_system epss
scoring_elements 0.73669
published_at 2026-04-16T12:55:00Z
1
value 0.00777
scoring_system epss
scoring_elements 0.73678
published_at 2026-04-18T12:55:00Z
2
value 0.00777
scoring_system epss
scoring_elements 0.73575
published_at 2026-04-01T12:55:00Z
3
value 0.00777
scoring_system epss
scoring_elements 0.73584
published_at 2026-04-02T12:55:00Z
4
value 0.00777
scoring_system epss
scoring_elements 0.73608
published_at 2026-04-04T12:55:00Z
5
value 0.00777
scoring_system epss
scoring_elements 0.7358
published_at 2026-04-07T12:55:00Z
6
value 0.00777
scoring_system epss
scoring_elements 0.73617
published_at 2026-04-08T12:55:00Z
7
value 0.00777
scoring_system epss
scoring_elements 0.73629
published_at 2026-04-09T12:55:00Z
8
value 0.00777
scoring_system epss
scoring_elements 0.73652
published_at 2026-04-11T12:55:00Z
9
value 0.00777
scoring_system epss
scoring_elements 0.73634
published_at 2026-04-12T12:55:00Z
10
value 0.00777
scoring_system epss
scoring_elements 0.73625
published_at 2026-04-13T12:55:00Z
11
value 0.00846
scoring_system epss
scoring_elements 0.74851
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15157
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://darkbit.io/blog/cve-2020-15157-containerdrip
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://darkbit.io/blog/cve-2020-15157-containerdrip
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
9
reference_url https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726
10
reference_url https://github.com/containerd/containerd/releases/tag/v1.2.14
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.2.14
11
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15157
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15157
13
reference_url https://usn.ubuntu.com/4589-1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4589-1
14
reference_url https://usn.ubuntu.com/4589-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4589-2
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1888248
reference_id 1888248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1888248
17
reference_url https://usn.ubuntu.com/4589-1/
reference_id USN-4589-1
reference_type
scores
url https://usn.ubuntu.com/4589-1/
18
reference_url https://usn.ubuntu.com/4589-2/
reference_id USN-4589-2
reference_type
scores
url https://usn.ubuntu.com/4589-2/
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2020-15157, GHSA-742w-89gc-8m9c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gbw6-3a59-mbhu
2
url VCID-gund-83cy-9fap
vulnerability_id VCID-gund-83cy-9fap
summary
moby Access to remapped root allows privilege escalation to real root
### Impact

When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem, they can modify files under `/var/lib/docker/<remapping>` in ways that cause files to be written with extended privileges.

### Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from a remapped user.

### Credits

Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it; and Zac Ellis for responsibly disclosing it to security@docker.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21284
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05518
published_at 2026-04-21T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05357
published_at 2026-04-18T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05401
published_at 2026-04-13T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05409
published_at 2026-04-12T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05422
published_at 2026-04-11T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05448
published_at 2026-04-09T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05426
published_at 2026-04-08T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05392
published_at 2026-04-07T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05384
published_at 2026-04-04T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05354
published_at 2026-04-16T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05312
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21284
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://docs.docker.com/engine/release-notes/#20103
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/#20103
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
9
reference_url https://github.com/moby/moby/releases/tag/v19.03.15
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v19.03.15
10
reference_url https://github.com/moby/moby/releases/tag/v20.10.3
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v20.10.3
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21284
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21284
13
reference_url https://security.gentoo.org/glsa/202107-23
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-23
14
reference_url https://security.netapp.com/advisory/ntap-20210226-0005
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210226-0005
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924740
reference_id 1924740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1924740
17
reference_url https://security.archlinux.org/ASA-202102-12
reference_id ASA-202102-12
reference_type
scores
url https://security.archlinux.org/ASA-202102-12
18
reference_url https://security.archlinux.org/AVG-1528
reference_id AVG-1528
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1528
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2021-21284, GHSA-7452-xqpj-6rpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gund-83cy-9fap
3
url VCID-h83p-v26k-s7fa
vulnerability_id VCID-h83p-v26k-s7fa
summary A flaw in Docker allowed possible information leakage.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-13401
reference_id
reference_type
scores
0
value 0.1287
scoring_system epss
scoring_elements 0.94067
published_at 2026-04-21T12:55:00Z
1
value 0.1287
scoring_system epss
scoring_elements 0.94007
published_at 2026-04-01T12:55:00Z
2
value 0.1287
scoring_system epss
scoring_elements 0.94017
published_at 2026-04-02T12:55:00Z
3
value 0.1287
scoring_system epss
scoring_elements 0.94027
published_at 2026-04-04T12:55:00Z
4
value 0.1287
scoring_system epss
scoring_elements 0.9403
published_at 2026-04-07T12:55:00Z
5
value 0.1287
scoring_system epss
scoring_elements 0.94039
published_at 2026-04-08T12:55:00Z
6
value 0.1287
scoring_system epss
scoring_elements 0.94043
published_at 2026-04-09T12:55:00Z
7
value 0.1287
scoring_system epss
scoring_elements 0.94047
published_at 2026-04-13T12:55:00Z
8
value 0.1287
scoring_system epss
scoring_elements 0.94063
published_at 2026-04-16T12:55:00Z
9
value 0.1287
scoring_system epss
scoring_elements 0.94068
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-13401
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401
4
reference_url https://docs.docker.com/engine/release-notes
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/docker/docker-ce/releases/tag/v19.03.11
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/docker/docker-ce/releases/tag/v19.03.11
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-13401
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-13401
10
reference_url https://security.netapp.com/advisory/ntap-20200717-0002
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200717-0002
11
reference_url https://www.debian.org/security/2020/dsa-4716
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2020/dsa-4716
12
reference_url http://www.openwall.com/lists/oss-security/2020/06/01/5
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2020/06/01/5
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1833233
reference_id 1833233
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1833233
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141
reference_id 962141
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141
15
reference_url https://security.gentoo.org/glsa/202008-15
reference_id GLSA-202008-15
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202008-15
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2020-13401, GHSA-qrrc-ww9x-r43g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h83p-v26k-s7fa
4
url VCID-pevy-d197-zydv
vulnerability_id VCID-pevy-d197-zydv
summary
Moby Docker cp broken with debian containers
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-14271
reference_id
reference_type
scores
0
value 0.72198
scoring_system epss
scoring_elements 0.98752
published_at 2026-04-12T12:55:00Z
1
value 0.72198
scoring_system epss
scoring_elements 0.98749
published_at 2026-04-09T12:55:00Z
2
value 0.72198
scoring_system epss
scoring_elements 0.98748
published_at 2026-04-07T12:55:00Z
3
value 0.72198
scoring_system epss
scoring_elements 0.98745
published_at 2026-04-04T12:55:00Z
4
value 0.72198
scoring_system epss
scoring_elements 0.98742
published_at 2026-04-02T12:55:00Z
5
value 0.72198
scoring_system epss
scoring_elements 0.98741
published_at 2026-04-01T12:55:00Z
6
value 0.72198
scoring_system epss
scoring_elements 0.98756
published_at 2026-04-18T12:55:00Z
7
value 0.72198
scoring_system epss
scoring_elements 0.98754
published_at 2026-04-13T12:55:00Z
8
value 0.72589
scoring_system epss
scoring_elements 0.98774
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-14271
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
6
reference_url https://docs.docker.com/engine/release-notes
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby
9
reference_url https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545
10
reference_url https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b
11
reference_url https://github.com/moby/moby/issues/39449
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/issues/39449
12
reference_url https://github.com/moby/moby/pull/39612
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/pull/39612
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-14271
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-14271
14
reference_url https://seclists.org/bugtraq/2019/Sep/21
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/Sep/21
15
reference_url https://security.netapp.com/advisory/ntap-20190828-0003
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20190828-0003
16
reference_url https://www.debian.org/security/2019/dsa-4521
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4521
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1747222
reference_id 1747222
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1747222
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2019-14271, GHSA-v2cv-wwxq-qq97
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pevy-d197-zydv
5
url VCID-u44m-mgza-nfcx
vulnerability_id VCID-u44m-mgza-nfcx
summary
Secret insertion into debug log in Docker
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13509
reference_id
reference_type
scores
0
value 0.0155
scoring_system epss
scoring_elements 0.81451
published_at 2026-04-21T12:55:00Z
1
value 0.0155
scoring_system epss
scoring_elements 0.81432
published_at 2026-04-11T12:55:00Z
2
value 0.0155
scoring_system epss
scoring_elements 0.81419
published_at 2026-04-12T12:55:00Z
3
value 0.0155
scoring_system epss
scoring_elements 0.81412
published_at 2026-04-13T12:55:00Z
4
value 0.0155
scoring_system epss
scoring_elements 0.81449
published_at 2026-04-16T12:55:00Z
5
value 0.0155
scoring_system epss
scoring_elements 0.8145
published_at 2026-04-18T12:55:00Z
6
value 0.0155
scoring_system epss
scoring_elements 0.81348
published_at 2026-04-01T12:55:00Z
7
value 0.0155
scoring_system epss
scoring_elements 0.81357
published_at 2026-04-02T12:55:00Z
8
value 0.0155
scoring_system epss
scoring_elements 0.81379
published_at 2026-04-04T12:55:00Z
9
value 0.0155
scoring_system epss
scoring_elements 0.81377
published_at 2026-04-07T12:55:00Z
10
value 0.0155
scoring_system epss
scoring_elements 0.81405
published_at 2026-04-08T12:55:00Z
11
value 0.0155
scoring_system epss
scoring_elements 0.8141
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13509
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
5
reference_url https://docs.docker.com/engine/release-notes/18.09
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/18.09
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13509
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-13509
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1732418
reference_id 1732418
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1732418
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673
reference_id 932673
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2019-13509, GHSA-j249-ghv5-7mxv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u44m-mgza-nfcx
6
url VCID-uckr-kzdf-7ydj
vulnerability_id VCID-uckr-kzdf-7ydj
summary
moby docker daemon crash during image pull of malicious image
### Impact

Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon.

### Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

### Credits

Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21285
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57546
published_at 2026-04-21T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57569
published_at 2026-04-16T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57541
published_at 2026-04-13T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.57515
published_at 2026-04-02T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57431
published_at 2026-04-01T12:55:00Z
5
value 0.00351
scoring_system epss
scoring_elements 0.57568
published_at 2026-04-09T12:55:00Z
6
value 0.00351
scoring_system epss
scoring_elements 0.57563
published_at 2026-04-12T12:55:00Z
7
value 0.00351
scoring_system epss
scoring_elements 0.57583
published_at 2026-04-11T12:55:00Z
8
value 0.00351
scoring_system epss
scoring_elements 0.57536
published_at 2026-04-04T12:55:00Z
9
value 0.00351
scoring_system epss
scoring_elements 0.57512
published_at 2026-04-07T12:55:00Z
10
value 0.00351
scoring_system epss
scoring_elements 0.57565
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://docs.docker.com/engine/release-notes/#20103
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/#20103
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
9
reference_url https://github.com/moby/moby/releases/tag/v19.03.15
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v19.03.15
10
reference_url https://github.com/moby/moby/releases/tag/v20.10.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v20.10.3
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21285
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21285
13
reference_url https://security.gentoo.org/glsa/202107-23
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-23
14
reference_url https://security.netapp.com/advisory/ntap-20210226-0005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210226-0005
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924742
reference_id 1924742
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1924742
17
reference_url https://security.archlinux.org/ASA-202102-12
reference_id ASA-202102-12
reference_type
scores
url https://security.archlinux.org/ASA-202102-12
18
reference_url https://security.archlinux.org/AVG-1528
reference_id AVG-1528
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1528
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2021-21285, GHSA-6fj5-m822-rqx8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uckr-kzdf-7ydj
7
url VCID-yt33-nmzd-r3cs
vulnerability_id VCID-yt33-nmzd-r3cs
summary docker: command injection due to a missing validation of the git ref command
references
0
reference_url https://access.redhat.com/errata/RHBA-2019:3092
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHBA-2019:3092
1
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-13139
reference_id
reference_type
scores
0
value 0.00548
scoring_system epss
scoring_elements 0.67846
published_at 2026-04-01T12:55:00Z
1
value 0.00548
scoring_system epss
scoring_elements 0.67939
published_at 2026-04-21T12:55:00Z
2
value 0.00548
scoring_system epss
scoring_elements 0.67907
published_at 2026-04-13T12:55:00Z
3
value 0.00548
scoring_system epss
scoring_elements 0.67945
published_at 2026-04-16T12:55:00Z
4
value 0.00548
scoring_system epss
scoring_elements 0.67958
published_at 2026-04-18T12:55:00Z
5
value 0.00548
scoring_system epss
scoring_elements 0.67869
published_at 2026-04-07T12:55:00Z
6
value 0.00548
scoring_system epss
scoring_elements 0.67888
published_at 2026-04-04T12:55:00Z
7
value 0.00548
scoring_system epss
scoring_elements 0.6792
published_at 2026-04-08T12:55:00Z
8
value 0.00548
scoring_system epss
scoring_elements 0.67933
published_at 2026-04-09T12:55:00Z
9
value 0.00548
scoring_system epss
scoring_elements 0.67957
published_at 2026-04-11T12:55:00Z
10
value 0.00548
scoring_system epss
scoring_elements 0.67943
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-13139
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271
6
reference_url https://docs.docker.com/engine/release-notes/#18094
reference_id
reference_type
scores
url https://docs.docker.com/engine/release-notes/#18094
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/pull/38944
reference_id
reference_type
scores
url https://github.com/moby/moby/pull/38944
9
reference_url https://seclists.org/bugtraq/2019/Sep/21
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Sep/21
10
reference_url https://security.netapp.com/advisory/ntap-20190910-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20190910-0001/
11
reference_url https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
reference_id
reference_type
scores
url https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
12
reference_url https://www.debian.org/security/2019/dsa-4521
reference_id
reference_type
scores
url https://www.debian.org/security/2019/dsa-4521
13
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1732627
reference_id 1732627
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1732627
14
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002
reference_id 933002
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*
reference_id cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-13139
reference_id CVE-2019-13139
reference_type
scores
0
value 4.6
scoring_system cvssv2
scoring_elements AV:L/AC:L/Au:N/C:P/I:P/A:P
1
value 8.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-13139
fixed_packages
0
url pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
purl pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-6vru-hsfs-rufg
3
vulnerability VCID-bhju-575k-ebh3
4
vulnerability VCID-e9ng-x516-53cf
5
vulnerability VCID-gbw6-3a59-mbhu
6
vulnerability VCID-gund-83cy-9fap
7
vulnerability VCID-h83p-v26k-s7fa
8
vulnerability VCID-pevy-d197-zydv
9
vulnerability VCID-u44m-mgza-nfcx
10
vulnerability VCID-uckr-kzdf-7ydj
11
vulnerability VCID-yt33-nmzd-r3cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3
1
url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3eju-5upk-auhy
1
vulnerability VCID-41ft-14gt-bbbq
2
vulnerability VCID-bhju-575k-ebh3
3
vulnerability VCID-e9ng-x516-53cf
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1
aliases CVE-2019-13139
risk_score 3.8
exploitability 0.5
weighted_severity 7.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yt33-nmzd-r3cs
Risk_score 4.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1