Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:apk/alpine/docker@20.10.3-r0?arch=armhf&distroversion=v3.23&reponame=community
Typeapk
Namespacealpine
Namedocker
Version20.10.3-r0
Qualifiers
arch armhf
distroversion v3.23
reponame community
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version20.10.9-r0
Latest_non_vulnerable_version29.1.2-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-gund-83cy-9fap
vulnerability_id VCID-gund-83cy-9fap
summary 
moby Access to remapped root allows privilege escalation to real root
### Impact

When using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges.

### Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.

### Credits

Maintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to security@docker.com
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21284
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05518
published_at 2026-04-21T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05357
published_at 2026-04-18T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05401
published_at 2026-04-13T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05409
published_at 2026-04-12T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05422
published_at 2026-04-11T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05448
published_at 2026-04-09T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05426
published_at 2026-04-08T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05392
published_at 2026-04-07T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05384
published_at 2026-04-04T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05354
published_at 2026-04-16T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05312
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21284
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://docs.docker.com/engine/release-notes/#20103
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/#20103
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c
9
reference_url https://github.com/moby/moby/releases/tag/v19.03.15
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v19.03.15
10
reference_url https://github.com/moby/moby/releases/tag/v20.10.3
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v20.10.3
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21284
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21284
13
reference_url https://security.gentoo.org/glsa/202107-23
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-23
14
reference_url https://security.netapp.com/advisory/ntap-20210226-0005
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210226-0005
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924740
reference_id 1924740
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1924740
17
reference_url https://security.archlinux.org/ASA-202102-12
reference_id ASA-202102-12
reference_type
scores
url https://security.archlinux.org/ASA-202102-12
18
reference_url https://security.archlinux.org/AVG-1528
reference_id AVG-1528
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1528
fixed_packages
0
url pkg:apk/alpine/docker@20.10.3-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/docker@20.10.3-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.3-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2021-21284, GHSA-7452-xqpj-6rpc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gund-83cy-9fap
1
url VCID-uckr-kzdf-7ydj
vulnerability_id VCID-uckr-kzdf-7ydj
summary 
moby docker daemon crash during image pull of malicious image
### Impact

Pulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon.

### Patches

Versions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.

### Credits

Maintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21285
reference_id
reference_type
scores
0
value 0.00351
scoring_system epss
scoring_elements 0.57546
published_at 2026-04-21T12:55:00Z
1
value 0.00351
scoring_system epss
scoring_elements 0.57569
published_at 2026-04-16T12:55:00Z
2
value 0.00351
scoring_system epss
scoring_elements 0.57541
published_at 2026-04-13T12:55:00Z
3
value 0.00351
scoring_system epss
scoring_elements 0.57515
published_at 2026-04-02T12:55:00Z
4
value 0.00351
scoring_system epss
scoring_elements 0.57431
published_at 2026-04-01T12:55:00Z
5
value 0.00351
scoring_system epss
scoring_elements 0.57568
published_at 2026-04-09T12:55:00Z
6
value 0.00351
scoring_system epss
scoring_elements 0.57563
published_at 2026-04-12T12:55:00Z
7
value 0.00351
scoring_system epss
scoring_elements 0.57583
published_at 2026-04-11T12:55:00Z
8
value 0.00351
scoring_system epss
scoring_elements 0.57536
published_at 2026-04-04T12:55:00Z
9
value 0.00351
scoring_system epss
scoring_elements 0.57512
published_at 2026-04-07T12:55:00Z
10
value 0.00351
scoring_system epss
scoring_elements 0.57565
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21285
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285
6
reference_url https://docs.docker.com/engine/release-notes/#20103
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://docs.docker.com/engine/release-notes/#20103
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30
9
reference_url https://github.com/moby/moby/releases/tag/v19.03.15
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v19.03.15
10
reference_url https://github.com/moby/moby/releases/tag/v20.10.3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/releases/tag/v20.10.3
11
reference_url https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21285
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21285
13
reference_url https://security.gentoo.org/glsa/202107-23
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202107-23
14
reference_url https://security.netapp.com/advisory/ntap-20210226-0005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20210226-0005
15
reference_url https://www.debian.org/security/2021/dsa-4865
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4865
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1924742
reference_id 1924742
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1924742
17
reference_url https://security.archlinux.org/ASA-202102-12
reference_id ASA-202102-12
reference_type
scores
url https://security.archlinux.org/ASA-202102-12
18
reference_url https://security.archlinux.org/AVG-1528
reference_id AVG-1528
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1528
fixed_packages
0
url pkg:apk/alpine/docker@20.10.3-r0?arch=armhf&distroversion=v3.23&reponame=community
purl pkg:apk/alpine/docker@20.10.3-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.3-r0%3Farch=armhf&distroversion=v3.23&reponame=community
aliases CVE-2021-21285, GHSA-6fj5-m822-rqx8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uckr-kzdf-7ydj
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.3-r0%3Farch=armhf&distroversion=v3.23&reponame=community