Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/podman@3.4.4-r0?arch=riscv64&distroversion=v3.23&reponame=community
Typeapk
Namespacealpine
Namepodman
Version3.4.4-r0
Qualifiers
arch riscv64
distroversion v3.23
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.0.3-r0
Latest_non_vulnerable_version5.7.0-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-e4bk-d465-juhk
vulnerability_id VCID-e4bk-d465-juhk
summary 
Clarify Content-Type handling
### Impact
In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently.

### Patches
The OCI Distribution Specification will be updated to require that a `mediaType` value present in a manifest or index match the Content-Type header used during the push and pull operations.

### Workarounds
Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields.

### References
https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh

### For more information
If you have any questions or comments about this advisory:
* Open an issue in https://github.com/opencontainers/distribution-spec/
* Email us at security@opencontainers.org
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41190.json
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41190.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41190
reference_id
reference_type
scores
0
value 0.00401
scoring_system epss
scoring_elements 0.60823
published_at 2026-04-18T12:55:00Z
1
value 0.00401
scoring_system epss
scoring_elements 0.60817
published_at 2026-04-16T12:55:00Z
2
value 0.00401
scoring_system epss
scoring_elements 0.60775
published_at 2026-04-13T12:55:00Z
3
value 0.00401
scoring_system epss
scoring_elements 0.60653
published_at 2026-04-01T12:55:00Z
4
value 0.00401
scoring_system epss
scoring_elements 0.60786
published_at 2026-04-09T12:55:00Z
5
value 0.00401
scoring_system epss
scoring_elements 0.60771
published_at 2026-04-08T12:55:00Z
6
value 0.00401
scoring_system epss
scoring_elements 0.60722
published_at 2026-04-07T12:55:00Z
7
value 0.00401
scoring_system epss
scoring_elements 0.60757
published_at 2026-04-04T12:55:00Z
8
value 0.00401
scoring_system epss
scoring_elements 0.60727
published_at 2026-04-02T12:55:00Z
9
value 0.00401
scoring_system epss
scoring_elements 0.60794
published_at 2026-04-12T12:55:00Z
10
value 0.00401
scoring_system epss
scoring_elements 0.60808
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41190
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/opencontainers/distribution-spec
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/distribution-spec
4
reference_url https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/distribution-spec/commit/ac28cac0557bcd3084714ab09f9f2356fe504923
5
reference_url https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TUZNDAH2B26VPBK342UC3BHZNLBUXGX
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4334HT7AZPLWNYHW4ARU6JBUF3VZJPZN
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A2RRFNTMFYKOTRKD37F5ANMCIO3GGJML
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DX63GRWFEI5RVMYV6XLMCG4OHPWZML27
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RZTO6N55WHKHIZI4IMLY2QFBPMVTAERM
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SQBCYJUIM5GVCMFUPRWKRZNXMMI5EFA4
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4OJ764CKKCWCVONHD4YXTGR7HZ7LRUV
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIGVQWOA5XXCQXEOOKZX4CDAGLBDRPRX
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41190
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41190
15
reference_url http://www.openwall.com/lists/oss-security/2021/11/19/10
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/11/19/10
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2024938
reference_id 2024938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2024938
17
reference_url https://security.archlinux.org/AVG-2573
reference_id AVG-2573
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2573
18
reference_url https://security.archlinux.org/AVG-2574
reference_id AVG-2574
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2574
19
reference_url https://security.archlinux.org/AVG-2591
reference_id AVG-2591
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2591
20
reference_url https://access.redhat.com/errata/RHSA-2022:0055
reference_id RHSA-2022:0055
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0055
21
reference_url https://access.redhat.com/errata/RHSA-2022:0687
reference_id RHSA-2022:0687
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0687
22
reference_url https://access.redhat.com/errata/RHSA-2022:1734
reference_id RHSA-2022:1734
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1734
23
reference_url https://access.redhat.com/errata/RHSA-2022:4880
reference_id RHSA-2022:4880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4880
24
reference_url https://access.redhat.com/errata/RHSA-2022:5069
reference_id RHSA-2022:5069
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5069
25
reference_url https://access.redhat.com/errata/RHSA-2022:7457
reference_id RHSA-2022:7457
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7457
fixed_packages
0
url pkg:apk/alpine/podman@3.4.4-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/podman@3.4.4-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.4-r0%3Farch=riscv64&distroversion=v3.23&reponame=community
aliases CVE-2021-41190, GHSA-mc8v-mgrf-8f4m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e4bk-d465-juhk
1
url VCID-mzjw-b6mh-nugs
vulnerability_id VCID-mzjw-b6mh-nugs
summary 
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4024.json
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4024.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-4024
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26419
published_at 2026-04-18T12:55:00Z
1
value 0.00095
scoring_system epss
scoring_elements 0.26449
published_at 2026-04-16T12:55:00Z
2
value 0.00095
scoring_system epss
scoring_elements 0.26636
published_at 2026-04-04T12:55:00Z
3
value 0.00095
scoring_system epss
scoring_elements 0.26541
published_at 2026-04-01T12:55:00Z
4
value 0.00095
scoring_system epss
scoring_elements 0.2649
published_at 2026-04-08T12:55:00Z
5
value 0.00095
scoring_system epss
scoring_elements 0.26592
published_at 2026-04-02T12:55:00Z
6
value 0.00095
scoring_system epss
scoring_elements 0.26421
published_at 2026-04-07T12:55:00Z
7
value 0.00095
scoring_system epss
scoring_elements 0.26442
published_at 2026-04-13T12:55:00Z
8
value 0.00095
scoring_system epss
scoring_elements 0.26499
published_at 2026-04-12T12:55:00Z
9
value 0.00095
scoring_system epss
scoring_elements 0.26546
published_at 2026-04-11T12:55:00Z
10
value 0.00095
scoring_system epss
scoring_elements 0.26539
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-4024
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2026675,
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2026675,
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/containers/podman
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman
5
reference_url https://github.com/containers/podman/releases/tag/v3.4.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman/releases/tag/v3.4.3
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFFVJ6S3ZRMPDYB7KYAWEMDHXFZYQPU3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-4024
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-4024
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000844
reference_id 1000844
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000844
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2026675
reference_id 2026675
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2026675
10
reference_url https://security.archlinux.org/AVG-2591
reference_id AVG-2591
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2591
11
reference_url https://security.gentoo.org/glsa/202407-12
reference_id GLSA-202407-12
reference_type
scores
url https://security.gentoo.org/glsa/202407-12
12
reference_url https://access.redhat.com/errata/RHSA-2022:7954
reference_id RHSA-2022:7954
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7954
13
reference_url https://access.redhat.com/errata/RHSA-2024:10289
reference_id RHSA-2024:10289
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:10289
fixed_packages
0
url pkg:apk/alpine/podman@3.4.4-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/podman@3.4.4-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.4-r0%3Farch=riscv64&distroversion=v3.23&reponame=community
aliases CVE-2021-4024, GHSA-3cf2-x423-x582
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mzjw-b6mh-nugs
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.4-r0%3Farch=riscv64&distroversion=v3.23&reponame=community