Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community

Type apk

Namespace alpine

Name buildah

Version 1.35.4-r0

Qualifiers

arch	x86_64
distroversion	v3.20
reponame	community

Subpath

Is_vulnerable false

Next_non_vulnerable_version 1.37.4-r0

Latest_non_vulnerable_version 1.37.5-r0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-52c5-4udv-jydb

vulnerability_id VCID-52c5-4udv-jydb

summary

github.com/containers/image allows unexpected authenticated registry accesses
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

references

reference_url

https://access.redhat.com/errata/RHSA-2024:0045

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:0045

reference_url

https://access.redhat.com/errata/RHSA-2024:3718

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:3718

reference_url

https://access.redhat.com/errata/RHSA-2024:4159

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:4159

reference_url

https://access.redhat.com/errata/RHSA-2024:4613

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:4613

reference_url

https://access.redhat.com/errata/RHSA-2024:4850

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:4850

reference_url

https://access.redhat.com/errata/RHSA-2024:4960

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:4960

reference_url

https://access.redhat.com/errata/RHSA-2024:5258

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:5258

reference_url

https://access.redhat.com/errata/RHSA-2024:5951

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:5951

reference_url

https://access.redhat.com/errata/RHSA-2024:6054

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:6054

reference_url

https://access.redhat.com/errata/RHSA-2024:6122

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:6122

reference_url

https://access.redhat.com/errata/RHSA-2024:6708

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:6708

reference_url

https://access.redhat.com/errata/RHSA-2024:6818

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:6818

reference_url

https://access.redhat.com/errata/RHSA-2024:6824

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:6824

reference_url

https://access.redhat.com/errata/RHSA-2024:7164

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:7164

reference_url

https://access.redhat.com/errata/RHSA-2024:7174

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:7174

reference_url

https://access.redhat.com/errata/RHSA-2024:7182

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:7182

reference_url

https://access.redhat.com/errata/RHSA-2024:7187

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:7187

reference_url

https://access.redhat.com/errata/RHSA-2024:7922

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:7922

reference_url

https://access.redhat.com/errata/RHSA-2024:7941

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:7941

reference_url

https://access.redhat.com/errata/RHSA-2024:8260

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:8260

reference_url

https://access.redhat.com/errata/RHSA-2024:8425

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:8425

reference_url

https://access.redhat.com/errata/RHSA-2024:9097

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:9097

reference_url

https://access.redhat.com/errata/RHSA-2024:9098

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:9098

reference_url

https://access.redhat.com/errata/RHSA-2024:9102

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:9102

reference_url

https://access.redhat.com/errata/RHSA-2024:9960

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/errata/RHSA-2024:9960

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3727.json

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3727.json

reference_url

https://access.redhat.com/security/cve/CVE-2024-3727

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://access.redhat.com/security/cve/CVE-2024-3727

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-3727

reference_id

reference_type

scores

value	0.00488
scoring_system	epss
scoring_elements	0.65523
published_at	2026-04-21T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68289
published_at	2026-04-18T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68285
published_at	2026-04-11T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68272
published_at	2026-04-12T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68238
published_at	2026-04-13T12:55:00Z

value	0.00559
scoring_system	epss
scoring_elements	0.68278
published_at	2026-04-16T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68745
published_at	2026-04-08T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68693
published_at	2026-04-07T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68715
published_at	2026-04-04T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68697
published_at	2026-04-02T12:55:00Z

value	0.00575
scoring_system	epss
scoring_elements	0.68764
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-3727

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2274767

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-13T17:59:41Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2274767

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-6wvf-f2vw-3425

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6wvf-f2vw-3425

reference_url

https://github.com/containers/image

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/image

reference_url

https://github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385

reference_url

https://github.com/containers/image/commit/e8948046055060605bd68289d406ce149590c33a

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/image/commit/e8948046055060605bd68289d406ce149590c33a

reference_url

https://github.com/containers/image/releases/tag/v5.29.3

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/image/releases/tag/v5.29.3

reference_url

https://github.com/containers/image/releases/tag/v5.30.1

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/image/releases/tag/v5.30.1

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HEYS34N55G7NOQZKNEXZKQVNDGEICCD

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6B37TXOKTKDBE2V26X2NSP7JKNMZOFVP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CYT3D2P3OJKISNFKOOHGY6HCUCQZYAVR

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLND3YDQQRWVRIUPL2G5UKXP5L3VSBBT

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTOMYERG5ND4QFDHC4ZSGCED3T3ESRSC

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBZQ2ZRMFEUQ35235B2HWPSXGDCBZHFV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QFXMF3VVKIZN7ZMB7PKZCSWV6MOMTGMQ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFVSMR7TNLO2KPWJSW4CF64C2QMQXCIN

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-3727

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-3727

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070858
reference_id	1070858
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070858

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:acm:2
reference_id	cpe:/a:redhat:acm:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:acm:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:3
reference_id	cpe:/a:redhat:advanced_cluster_security:3
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:3

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.4::el8
reference_id	cpe:/a:redhat:advanced_cluster_security:4.4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.5::el8
reference_id	cpe:/a:redhat:advanced_cluster_security:4.5::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:advanced_cluster_security:4.5::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform
reference_id	cpe:/a:redhat:ansible_automation_platform
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
reference_id	cpe:/a:redhat:ansible_automation_platform:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:assisted_installer:1
reference_id	cpe:/a:redhat:assisted_installer:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:assisted_installer:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:container_native_virtualization:4
reference_id	cpe:/a:redhat:container_native_virtualization:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:container_native_virtualization:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:container_native_virtualization:4.15::el9
reference_id	cpe:/a:redhat:container_native_virtualization:4.15::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:container_native_virtualization:4.15::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:multicluster_engine
reference_id	cpe:/a:redhat:multicluster_engine
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:multicluster_engine

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ocp_tools
reference_id	cpe:/a:redhat:ocp_tools
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ocp_tools

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
reference_id	cpe:/a:redhat:openshift:3.11
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4
reference_id	cpe:/a:redhat:openshift:4
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8
reference_id	cpe:/a:redhat:openshift:4.13::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8
reference_id	cpe:/a:redhat:openshift:4.14::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8
reference_id	cpe:/a:redhat:openshift:4.15::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9
reference_id	cpe:/a:redhat:openshift:4.15::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el8
reference_id	cpe:/a:redhat:openshift:4.16::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9
reference_id	cpe:/a:redhat:openshift:4.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9
reference_id	cpe:/a:redhat:openshift:4.17::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9
reference_id	cpe:/a:redhat:openshift:4.18::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_api_data_protection:1.3::el9
reference_id	cpe:/a:redhat:openshift_api_data_protection:1.3::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_api_data_protection:1.3::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3
reference_id	cpe:/a:redhat:openshift_devspaces:3
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_devspaces:3

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.13::el9
reference_id	cpe:/a:redhat:openshift_ironic:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.14::el9
reference_id	cpe:/a:redhat:openshift_ironic:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.15::el9
reference_id	cpe:/a:redhat:openshift_ironic:4.15::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.15::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.16::el9
reference_id	cpe:/a:redhat:openshift_ironic:4.16::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_ironic:4.16::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_sandboxed_containers:1
reference_id	cpe:/a:redhat:openshift_sandboxed_containers:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_sandboxed_containers:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2
reference_id	cpe:/a:redhat:openstack:16.2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openstack:16.2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quay:3
reference_id	cpe:/a:redhat:quay:3
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quay:3

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhmt:1.8::el8
reference_id	cpe:/a:redhat:rhmt:1.8::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhmt:1.8::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1
reference_id	cpe:/a:redhat:serverless:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:serverless:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:source_to_image:1
reference_id	cpe:/a:redhat:source_to_image:1
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:source_to_image:1

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10
reference_id	cpe:/o:redhat:enterprise_linux:10
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

fixed_packages

url	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.35.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-3727, GHSA-6wvf-f2vw-3425

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-52c5-4udv-jydb

url VCID-bq1t-9nnj-mkes

vulnerability_id VCID-bq1t-9nnj-mkes

summary

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
### Impact
An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj) for reporting.

### Patches
The problem is fixed in the following packages and versions:
- github.com/go-jose/go-jose/v4 version 4.0.1
- github.com/go-jose/go-jose/v3 version 3.0.3
- gopkg.in/go-jose/go-jose.v2 version 2.6.3

The problem will not be fixed in the following package because the package is archived:
- gopkg.in/square/go-jose.v2

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28180.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28180.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-28180

reference_id

reference_type

scores

value	0.04859
scoring_system	epss
scoring_elements	0.89559
published_at	2026-04-21T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89563
published_at	2026-04-18T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89561
published_at	2026-04-16T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89547
published_at	2026-04-13T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89545
published_at	2026-04-09T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89542
published_at	2026-04-08T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89552
published_at	2026-04-12T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89553
published_at	2026-04-11T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89513
published_at	2026-04-02T12:55:00Z

value	0.04859
scoring_system	epss
scoring_elements	0.89526
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-28180

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28180
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28180

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/go-jose/go-jose

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/go-jose/go-jose

reference_url

https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298

reference_url

https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a

reference_url

https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502

reference_url

https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-28180

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-28180

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065814
reference_id	1065814
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065814

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2268854
reference_id	2268854
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2268854

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/

reference_id

GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/

reference_id

I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/

reference_id

IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/

reference_id

JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/

reference_id

KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/

reference_id

MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/

reference_url	https://access.redhat.com/errata/RHSA-2024:1456
reference_id	RHSA-2024:1456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1456

reference_url	https://access.redhat.com/errata/RHSA-2024:1570
reference_id	RHSA-2024:1570
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1570

reference_url	https://access.redhat.com/errata/RHSA-2024:1812
reference_id	RHSA-2024:1812
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1812

reference_url	https://access.redhat.com/errata/RHSA-2024:1859
reference_id	RHSA-2024:1859
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1859

reference_url	https://access.redhat.com/errata/RHSA-2024:1946
reference_id	RHSA-2024:1946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1946

reference_url	https://access.redhat.com/errata/RHSA-2024:2054
reference_id	RHSA-2024:2054
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2054

reference_url	https://access.redhat.com/errata/RHSA-2024:2071
reference_id	RHSA-2024:2071
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2071

reference_url	https://access.redhat.com/errata/RHSA-2024:2096
reference_id	RHSA-2024:2096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2096

reference_url	https://access.redhat.com/errata/RHSA-2024:2549
reference_id	RHSA-2024:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2549

reference_url	https://access.redhat.com/errata/RHSA-2024:2639
reference_id	RHSA-2024:2639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2639

reference_url	https://access.redhat.com/errata/RHSA-2024:2773
reference_id	RHSA-2024:2773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2773

reference_url	https://access.redhat.com/errata/RHSA-2024:2776
reference_id	RHSA-2024:2776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2776

reference_url	https://access.redhat.com/errata/RHSA-2024:2865
reference_id	RHSA-2024:2865
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2865

reference_url	https://access.redhat.com/errata/RHSA-2024:2869
reference_id	RHSA-2024:2869
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2869

reference_url	https://access.redhat.com/errata/RHSA-2024:2875
reference_id	RHSA-2024:2875
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2875

reference_url	https://access.redhat.com/errata/RHSA-2024:3327
reference_id	RHSA-2024:3327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3327

reference_url	https://access.redhat.com/errata/RHSA-2024:3349
reference_id	RHSA-2024:3349
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3349

reference_url	https://access.redhat.com/errata/RHSA-2024:3351
reference_id	RHSA-2024:3351
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3351

reference_url	https://access.redhat.com/errata/RHSA-2024:3523
reference_id	RHSA-2024:3523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3523

reference_url	https://access.redhat.com/errata/RHSA-2024:3826
reference_id	RHSA-2024:3826
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3826

reference_url	https://access.redhat.com/errata/RHSA-2024:3827
reference_id	RHSA-2024:3827
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3827

reference_url	https://access.redhat.com/errata/RHSA-2024:3968
reference_id	RHSA-2024:3968
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3968

reference_url	https://access.redhat.com/errata/RHSA-2024:4006
reference_id	RHSA-2024:4006
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4006

reference_url	https://access.redhat.com/errata/RHSA-2024:4010
reference_id	RHSA-2024:4010
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4010

reference_url	https://access.redhat.com/errata/RHSA-2024:4041
reference_id	RHSA-2024:4041
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4041

reference_url	https://access.redhat.com/errata/RHSA-2024:4455
reference_id	RHSA-2024:4455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4455

reference_url	https://access.redhat.com/errata/RHSA-2024:4484
reference_id	RHSA-2024:4484
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4484

reference_url	https://access.redhat.com/errata/RHSA-2024:6209
reference_id	RHSA-2024:6209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6209

reference_url	https://access.redhat.com/errata/RHSA-2024:7179
reference_id	RHSA-2024:7179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7179

reference_url	https://access.redhat.com/errata/RHSA-2024:8229
reference_id	RHSA-2024:8229
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8229

reference_url	https://access.redhat.com/errata/RHSA-2024:8235
reference_id	RHSA-2024:8235
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8235

reference_url	https://access.redhat.com/errata/RHSA-2024:8974
reference_id	RHSA-2024:8974
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8974

reference_url	https://access.redhat.com/errata/RHSA-2025:0536
reference_id	RHSA-2025:0536
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0536

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/

reference_id

UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/

reference_id

UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/

reference_id

XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/

fixed_packages

url	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.35.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-28180, GHSA-c5q2-7r4c-mv6g

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1t-9nnj-mkes

url VCID-f8ak-21d8-juff

vulnerability_id VCID-f8ak-21d8-juff

summary

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-24786

reference_id

reference_type

scores

value	0.00313
scoring_system	epss
scoring_elements	0.54531
published_at	2026-04-18T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54528
published_at	2026-04-16T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.5449
published_at	2026-04-13T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54511
published_at	2026-04-12T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54529
published_at	2026-04-11T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54517
published_at	2026-04-09T12:55:00Z

value	0.00313
scoring_system	epss
scoring_elements	0.54523
published_at	2026-04-08T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55266
published_at	2026-04-02T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.5527
published_at	2026-04-07T12:55:00Z

value	0.00322
scoring_system	epss
scoring_elements	0.55289
published_at	2026-04-04T12:55:00Z

value	0.00393
scoring_system	epss
scoring_elements	0.60287
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-24786

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/protocolbuffers/protobuf-go

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf-go

reference_url

https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023

reference_url

https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0

reference_url

https://go.dev/cl/569356

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/

url

https://go.dev/cl/569356

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-24786

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-24786

reference_url

https://pkg.go.dev/vuln/GO-2024-2611

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/

url

https://pkg.go.dev/vuln/GO-2024-2611

reference_url

https://security.netapp.com/advisory/ntap-20240517-0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240517-0002

reference_url

http://www.openwall.com/lists/oss-security/2024/03/08/4

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	6.6
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/

url

http://www.openwall.com/lists/oss-security/2024/03/08/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684
reference_id	1065684
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2268046
reference_id	2268046
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2268046

reference_url	https://security.gentoo.org/glsa/202407-12
reference_id	GLSA-202407-12
reference_type
scores
url	https://security.gentoo.org/glsa/202407-12

reference_url	https://security.gentoo.org/glsa/202407-25
reference_id	GLSA-202407-25
reference_type
scores
url	https://security.gentoo.org/glsa/202407-25

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/

reference_id

JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/

reference_url

https://security.netapp.com/advisory/ntap-20240517-0002/

reference_id

ntap-20240517-0002

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/

url

https://security.netapp.com/advisory/ntap-20240517-0002/

reference_url	https://access.redhat.com/errata/RHSA-2024:0040
reference_id	RHSA-2024:0040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0040

reference_url	https://access.redhat.com/errata/RHSA-2024:0043
reference_id	RHSA-2024:0043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0043

reference_url	https://access.redhat.com/errata/RHSA-2024:10852
reference_id	RHSA-2024:10852
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10852

reference_url	https://access.redhat.com/errata/RHSA-2024:1362
reference_id	RHSA-2024:1362
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1362

reference_url	https://access.redhat.com/errata/RHSA-2024:1363
reference_id	RHSA-2024:1363
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1363

reference_url	https://access.redhat.com/errata/RHSA-2024:1456
reference_id	RHSA-2024:1456
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1456

reference_url	https://access.redhat.com/errata/RHSA-2024:1461
reference_id	RHSA-2024:1461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1461

reference_url	https://access.redhat.com/errata/RHSA-2024:1474
reference_id	RHSA-2024:1474
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1474

reference_url	https://access.redhat.com/errata/RHSA-2024:1507
reference_id	RHSA-2024:1507
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1507

reference_url	https://access.redhat.com/errata/RHSA-2024:1508
reference_id	RHSA-2024:1508
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1508

reference_url	https://access.redhat.com/errata/RHSA-2024:1537
reference_id	RHSA-2024:1537
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1537

reference_url	https://access.redhat.com/errata/RHSA-2024:1538
reference_id	RHSA-2024:1538
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1538

reference_url	https://access.redhat.com/errata/RHSA-2024:1616
reference_id	RHSA-2024:1616
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1616

reference_url	https://access.redhat.com/errata/RHSA-2024:1765
reference_id	RHSA-2024:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1765

reference_url	https://access.redhat.com/errata/RHSA-2024:1795
reference_id	RHSA-2024:1795
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1795

reference_url	https://access.redhat.com/errata/RHSA-2024:1859
reference_id	RHSA-2024:1859
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1859

reference_url	https://access.redhat.com/errata/RHSA-2024:1874
reference_id	RHSA-2024:1874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1874

reference_url	https://access.redhat.com/errata/RHSA-2024:1925
reference_id	RHSA-2024:1925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1925

reference_url	https://access.redhat.com/errata/RHSA-2024:1946
reference_id	RHSA-2024:1946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1946

reference_url	https://access.redhat.com/errata/RHSA-2024:2096
reference_id	RHSA-2024:2096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2096

reference_url	https://access.redhat.com/errata/RHSA-2024:2549
reference_id	RHSA-2024:2549
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2549

reference_url	https://access.redhat.com/errata/RHSA-2024:2550
reference_id	RHSA-2024:2550
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2550

reference_url	https://access.redhat.com/errata/RHSA-2024:2639
reference_id	RHSA-2024:2639
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2639

reference_url	https://access.redhat.com/errata/RHSA-2024:2666
reference_id	RHSA-2024:2666
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2666

reference_url	https://access.redhat.com/errata/RHSA-2024:2773
reference_id	RHSA-2024:2773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2773

reference_url	https://access.redhat.com/errata/RHSA-2024:2781
reference_id	RHSA-2024:2781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2781

reference_url	https://access.redhat.com/errata/RHSA-2024:2874
reference_id	RHSA-2024:2874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2874

reference_url	https://access.redhat.com/errata/RHSA-2024:2901
reference_id	RHSA-2024:2901
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2901

reference_url	https://access.redhat.com/errata/RHSA-2024:3316
reference_id	RHSA-2024:3316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3316

reference_url	https://access.redhat.com/errata/RHSA-2024:3617
reference_id	RHSA-2024:3617
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3617

reference_url	https://access.redhat.com/errata/RHSA-2024:3621
reference_id	RHSA-2024:3621
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3621

reference_url	https://access.redhat.com/errata/RHSA-2024:3634
reference_id	RHSA-2024:3634
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3634

reference_url	https://access.redhat.com/errata/RHSA-2024:3635
reference_id	RHSA-2024:3635
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3635

reference_url	https://access.redhat.com/errata/RHSA-2024:3636
reference_id	RHSA-2024:3636
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3636

reference_url	https://access.redhat.com/errata/RHSA-2024:3637
reference_id	RHSA-2024:3637
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3637

reference_url	https://access.redhat.com/errata/RHSA-2024:3683
reference_id	RHSA-2024:3683
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3683

reference_url	https://access.redhat.com/errata/RHSA-2024:3715
reference_id	RHSA-2024:3715
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3715

reference_url	https://access.redhat.com/errata/RHSA-2024:3717
reference_id	RHSA-2024:3717
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3717

reference_url	https://access.redhat.com/errata/RHSA-2024:3868
reference_id	RHSA-2024:3868
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3868

reference_url	https://access.redhat.com/errata/RHSA-2024:4150
reference_id	RHSA-2024:4150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4150

reference_url	https://access.redhat.com/errata/RHSA-2024:4163
reference_id	RHSA-2024:4163
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4163

reference_url	https://access.redhat.com/errata/RHSA-2024:4246
reference_id	RHSA-2024:4246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4246

reference_url	https://access.redhat.com/errata/RHSA-2024:4455
reference_id	RHSA-2024:4455
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4455

reference_url	https://access.redhat.com/errata/RHSA-2024:4597
reference_id	RHSA-2024:4597
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4597

reference_url	https://access.redhat.com/errata/RHSA-2024:4626
reference_id	RHSA-2024:4626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:4626

reference_url	https://access.redhat.com/errata/RHSA-2024:5013
reference_id	RHSA-2024:5013
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5013

reference_url	https://access.redhat.com/errata/RHSA-2024:5054
reference_id	RHSA-2024:5054
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5054

reference_url	https://access.redhat.com/errata/RHSA-2024:5422
reference_id	RHSA-2024:5422
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5422

reference_url	https://access.redhat.com/errata/RHSA-2024:6004
reference_id	RHSA-2024:6004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6004

reference_url	https://access.redhat.com/errata/RHSA-2024:6221
reference_id	RHSA-2024:6221
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6221

reference_url	https://access.redhat.com/errata/RHSA-2024:6409
reference_id	RHSA-2024:6409
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6409

reference_url	https://access.redhat.com/errata/RHSA-2024:7184
reference_id	RHSA-2024:7184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7184

reference_url	https://access.redhat.com/errata/RHSA-2024:7548
reference_id	RHSA-2024:7548
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7548

reference_url	https://access.redhat.com/errata/RHSA-2024:8040
reference_id	RHSA-2024:8040
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8040

reference_url	https://access.redhat.com/errata/RHSA-2024:8434
reference_id	RHSA-2024:8434
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8434

reference_url	https://access.redhat.com/errata/RHSA-2024:8676
reference_id	RHSA-2024:8676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8676

reference_url	https://access.redhat.com/errata/RHSA-2024:8677
reference_id	RHSA-2024:8677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8677

reference_url	https://access.redhat.com/errata/RHSA-2024:8704
reference_id	RHSA-2024:8704
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8704

reference_url	https://access.redhat.com/errata/RHSA-2024:9615
reference_id	RHSA-2024:9615
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9615

reference_url	https://access.redhat.com/errata/RHSA-2025:0654
reference_id	RHSA-2025:0654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0654

reference_url	https://access.redhat.com/errata/RHSA-2025:0664
reference_id	RHSA-2025:0664
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0664

reference_url	https://access.redhat.com/errata/RHSA-2025:4204
reference_id	RHSA-2025:4204
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:4204

reference_url	https://access.redhat.com/errata/RHSA-2025:9776
reference_id	RHSA-2025:9776
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9776

reference_url	https://usn.ubuntu.com/6746-1/
reference_id	USN-6746-1
reference_type
scores
url	https://usn.ubuntu.com/6746-1/

reference_url	https://usn.ubuntu.com/6746-2/
reference_id	USN-6746-2
reference_type
scores
url	https://usn.ubuntu.com/6746-2/

fixed_packages

url	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.35.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-24786, GHSA-8r3f-844c-mc37

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f8ak-21d8-juff

url VCID-gyyv-8fkv-syh5

vulnerability_id VCID-gyyv-8fkv-syh5

summary

Podman affected by CVE-2024-1753 container escape at build time
### Impact
_What kind of vulnerability is it? Who is impacted?_

Users running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled.  With selinux enabled, some read access is allowed.

### Patches
From @nalind .  This is a patch for Buildah (https://github.com/containers/buildah).  Once fixed there, Buildah will be vendored into Podman.

```
# cat /root/cve-2024-1753.diff
--- internal/volumes/volumes.go
+++ internal/volumes/volumes.go
@@ -11,6 +11,7 @@ import (
 
 	"errors"
 
+	"github.com/containers/buildah/copier"
 	"github.com/containers/buildah/define"
 	"github.com/containers/buildah/internal"
 	internalParse "github.com/containers/buildah/internal/parse"
@@ -189,7 +190,11 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st
 	// buildkit parity: support absolute path for sources from current build context
 	if contextDir != "" {
 		// path should be /contextDir/specified path
-		newMount.Source = filepath.Join(contextDir, filepath.Clean(string(filepath.Separator)+newMount.Source))
+		evaluated, err := copier.Eval(contextDir, newMount.Source, copier.EvalOptions{})
+		if err != nil {
+			return newMount, "", err
+		}
+		newMount.Source = evaluated
 	} else {
 		// looks like its coming from `build run --mount=type=bind` allow using absolute path
 		// error out if no source is set
```
### Reproducer

Prior to testing, as root, add a memorable username to `/etc/passwd` via adduser or your favorite editor.   Also create a memorably named file in `/`.  Suggest: `touch /SHOULDNTSEETHIS.txt` and `adduser SHOULDNTSEETHIS`.  After testing, remember to remove both the file and the user from your system.

Use the following Containerfile

```
# cat ~/cve_Containerfile
FROM alpine as base

RUN ln -s / /rootdir
RUN ln -s /etc /etc2

FROM alpine

RUN echo "ls container root"
RUN ls -l /

RUN echo "With exploit show host root, not the container's root, and create /BIND_BREAKOUT in / on the host"
RUN --mount=type=bind,from=base,source=/rootdir,destination=/exploit,rw ls -l /exploit; touch /exploit/BIND_BREAKOUT; ls -l /exploit

RUN echo "With exploit show host /etc/passwd, not the container's, and create /BIND_BREAKOUT2 in /etc on the host"
RUN --mount=type=bind,rw,source=/etc2,destination=/etc2,from=base ls -l /; ls -l /etc2/passwd; cat /etc2/passwd; touch /etc2/BIND_BREAKOUT2; ls -l /etc2 
```

#### To Test

##### Testing with an older version of Podman with the issue
```
setenforce 0
podman build -f ~/cve_Containerfile .
```

As part of the printout from the build, you should be able to see the contents of the `/' and `/etc` directories, including the `/SHOULDNOTSEETHIS.txt` file that you created, and the contents of the `/etc/passwd` file which will include the `SHOULDNOTSEETHIS` user that you created.  In addition, the file `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT2` will exist on the host after the command is completed.  Be sure to remove those two files between tests.  

```
podman rm -a
podman rmi -a
rm /BIND_BREAKOUT
rm /etc/BIND_BREAKOUT2
setenforce 1
podman build -f ~/cve_Containerfile .
```
Neither the `/BIND_BREAKEOUT` or `/etc/BIND_BREAKOUT2` files should be created.  An error should be raised during the build when both files are trying to be created.  Also, errors will be raised when the build tries to display the contents of the `/etc/passwd` file, and nothing will be displayed from that file.  

However, the files in both the `/` and `/etc` directories on the host system will be displayed.

##### Testing with the patch

Use the same commands as testing with an older version of Podman.

When running using the patched version of Podman, regardless of the `setenforce` settings,  you should not see the file that you created or the user that you added.  Also the `/BIND_BREAKOUT` and the `/etc/BIND_BREAKOUT` will not exist on the host after the test completes.

NOTE: With the fix, the contents of the `/` and `/etc` directories, and the `/etc/passwd` file will be displayed, however, it will be the file and contents from the container image, and NOT the host system.  Also the `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT` files will be created in the container image.


### Workarounds
Ensure selinux controls are in place to avoid compromising sensitive system files and systems.  With "setenforce 0" set, which is not at all advised, the root file system is open for modification with this exploit.  With "setenfoce 1" set, which is the recommendation, files can not be changed.  However, the contents of the `/` directory can be displayed.  I.e., `ls -alF /` will show the contents of the host directory.

### References

Unknown.

references

reference_url

https://access.redhat.com/errata/RHSA-2024:2049

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2049

reference_url

https://access.redhat.com/errata/RHSA-2024:2055

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2055

reference_url

https://access.redhat.com/errata/RHSA-2024:2064

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2064

reference_url

https://access.redhat.com/errata/RHSA-2024:2066

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2066

reference_url

https://access.redhat.com/errata/RHSA-2024:2077

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2077

reference_url

https://access.redhat.com/errata/RHSA-2024:2084

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2084

reference_url

https://access.redhat.com/errata/RHSA-2024:2089

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2089

reference_url

https://access.redhat.com/errata/RHSA-2024:2090

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2090

reference_url

https://access.redhat.com/errata/RHSA-2024:2097

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2097

reference_url

https://access.redhat.com/errata/RHSA-2024:2098

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2098

reference_url

https://access.redhat.com/errata/RHSA-2024:2548

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2548

reference_url

https://access.redhat.com/errata/RHSA-2024:2645

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2645

reference_url

https://access.redhat.com/errata/RHSA-2024:2669

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2669

reference_url

https://access.redhat.com/errata/RHSA-2024:2672

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2672

reference_url

https://access.redhat.com/errata/RHSA-2024:2784

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2784

reference_url

https://access.redhat.com/errata/RHSA-2024:2877

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:2877

reference_url

https://access.redhat.com/errata/RHSA-2024:3254

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/errata/RHSA-2024:3254

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json

reference_url

https://access.redhat.com/security/cve/CVE-2024-1753

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://access.redhat.com/security/cve/CVE-2024-1753

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1753

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19976
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20034
published_at	2026-04-04T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22702
published_at	2026-04-21T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22677
published_at	2026-04-07T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22752
published_at	2026-04-08T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22804
published_at	2026-04-09T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22826
published_at	2026-04-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22788
published_at	2026-04-12T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22731
published_at	2026-04-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22747
published_at	2026-04-16T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22742
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1753

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2265513

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2265513

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf

reference_url

https://github.com/containers/podman

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/containers/podman

reference_url

https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-1753

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-1753

reference_url

https://pkg.go.dev/vuln/GO-2024-2658

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/

url

https://pkg.go.dev/vuln/GO-2024-2658

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800
reference_id	1067800
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
reference_id	cpe:/a:redhat:enterprise_linux:8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
reference_id	cpe:/a:redhat:enterprise_linux:9::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
reference_id	cpe:/a:redhat:openshift:3.11
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id	cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9
reference_id	cpe:/a:redhat:openshift:4.12::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8
reference_id	cpe:/a:redhat:openshift:4.13::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id	cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8
reference_id	cpe:/a:redhat:openshift:4.14::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id	cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8
reference_id	cpe:/a:redhat:openshift:4.15::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9
reference_id	cpe:/a:redhat:openshift:4.15::el9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream
reference_id	cpe:/a:redhat:rhel_eus:8.6::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream
reference_id	cpe:/a:redhat:rhel_eus:8.8::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.0::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream
reference_id	cpe:/a:redhat:rhel_eus:9.2::appstream
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://security.gentoo.org/glsa/202407-12
reference_id	GLSA-202407-12
reference_type
scores
url	https://security.gentoo.org/glsa/202407-12

reference_url	https://security.gentoo.org/glsa/202407-25
reference_id	GLSA-202407-25
reference_type
scores
url	https://security.gentoo.org/glsa/202407-25

fixed_packages

url	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/buildah@1.35.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.35.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

aliases CVE-2024-1753, GHSA-874v-pj72-92f3

risk_score 3.9

exploitability 0.5

weighted_severity 7.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gyyv-8fkv-syh5

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/buildah@1.35.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

Package Instance