Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
Type apk
Namespace alpine
Name containerd
Version 1.3.3-r0
Qualifiers
arch x86
distroversion v3.20
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.4.3-r0
Latest_non_vulnerable_version 1.6.18-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-997v-f2ds-e3e4
vulnerability_id VCID-997v-f2ds-e3e4
summary
Multiple vulnerabilities have been discovered in runC, the worst of which may lead to privilege escalation.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00018.html
1
reference_url https://access.redhat.com/errata/RHSA-2020:0688
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0688
2
reference_url https://access.redhat.com/errata/RHSA-2020:0695
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2020:0695
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19921.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19921.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19921
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.31948
published_at 2026-04-18T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.32005
published_at 2026-04-09T12:55:00Z
2
value 0.00126
scoring_system epss
scoring_elements 0.31976
published_at 2026-04-08T12:55:00Z
3
value 0.00126
scoring_system epss
scoring_elements 0.31924
published_at 2026-04-07T12:55:00Z
4
value 0.00126
scoring_system epss
scoring_elements 0.32102
published_at 2026-04-04T12:55:00Z
5
value 0.00126
scoring_system epss
scoring_elements 0.32062
published_at 2026-04-02T12:55:00Z
6
value 0.00126
scoring_system epss
scoring_elements 0.31934
published_at 2026-04-01T12:55:00Z
7
value 0.00126
scoring_system epss
scoring_elements 0.31969
published_at 2026-04-16T12:55:00Z
8
value 0.00126
scoring_system epss
scoring_elements 0.31935
published_at 2026-04-13T12:55:00Z
9
value 0.00126
scoring_system epss
scoring_elements 0.32008
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19921
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19921
6
reference_url https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0
7
reference_url https://github.com/opencontainers/runc/issues/2197
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/issues/2197
8
reference_url https://github.com/opencontainers/runc/pull/2190
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/pull/2190
9
reference_url https://github.com/opencontainers/runc/pull/2207
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/pull/2207
10
reference_url https://github.com/opencontainers/runc/releases
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/releases
11
reference_url https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw
12
reference_url https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19921
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19921
19
reference_url https://pkg.go.dev/vuln/GO-2021-0087
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2021-0087
20
reference_url https://security-tracker.debian.org/tracker/CVE-2019-19921
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security-tracker.debian.org/tracker/CVE-2019-19921
21
reference_url https://usn.ubuntu.com/4297-1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://usn.ubuntu.com/4297-1
22
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1796107
reference_id 1796107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1796107
23
reference_url https://security.gentoo.org/glsa/202003-21
reference_id GLSA-202003-21
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:U/RC:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202003-21
24
reference_url https://access.redhat.com/errata/RHSA-2020:0942
reference_id RHSA-2020:0942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:0942
25
reference_url https://access.redhat.com/errata/RHSA-2020:1485
reference_id RHSA-2020:1485
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1485
26
reference_url https://usn.ubuntu.com/4297-1/
reference_id USN-4297-1
reference_type
scores
url https://usn.ubuntu.com/4297-1/
27
reference_url https://usn.ubuntu.com/6088-2/
reference_id USN-6088-2
reference_type
scores
url https://usn.ubuntu.com/6088-2/
fixed_packages
0
url pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.3.3-r0%3Farch=x86&distroversion=v3.20&reponame=community
aliases CVE-2019-19921, GHSA-fh74-hm69-rqjw
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-997v-f2ds-e3e4
1
url VCID-9s34-1nd8-f7ee
vulnerability_id VCID-9s34-1nd8-f7ee
summary
XML Entity Expansion and Improper Input Validation in Kubernetes API server
Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

### Specific Go Packages Affected
k8s.io/kubernetes/pkg/apiserver
references
0
reference_url https://access.redhat.com/errata/RHSA-2019:3239
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3239
1
reference_url https://access.redhat.com/errata/RHSA-2019:3811
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3811
2
reference_url https://access.redhat.com/errata/RHSA-2019:3905
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:3905
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11253.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
reference_id
reference_type
scores
0
value 0.83793
scoring_system epss
scoring_elements 0.99291
published_at 2026-04-08T12:55:00Z
1
value 0.83793
scoring_system epss
scoring_elements 0.99296
published_at 2026-04-18T12:55:00Z
2
value 0.83793
scoring_system epss
scoring_elements 0.99295
published_at 2026-04-16T12:55:00Z
3
value 0.83793
scoring_system epss
scoring_elements 0.99294
published_at 2026-04-12T12:55:00Z
4
value 0.83793
scoring_system epss
scoring_elements 0.99293
published_at 2026-04-13T12:55:00Z
5
value 0.83793
scoring_system epss
scoring_elements 0.99292
published_at 2026-04-09T12:55:00Z
6
value 0.83793
scoring_system epss
scoring_elements 0.99285
published_at 2026-04-01T12:55:00Z
7
value 0.83793
scoring_system epss
scoring_elements 0.99286
published_at 2026-04-02T12:55:00Z
8
value 0.83793
scoring_system epss
scoring_elements 0.99288
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11253
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11253
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://gist.github.com/bgeesaman/0e0349e94cd22c48bf14d8a9b7d6b8f2
8
reference_url https://github.com/kubernetes/kubernetes/issues/83253
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/issues/83253
9
reference_url https://github.com/kubernetes/kubernetes/pull/83261
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/83261
10
reference_url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/kubernetes-security-announce/jk8polzSUxs
11
reference_url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/kubernetes-security-announce/jk8polzSUxs
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:P
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11253
13
reference_url https://pkg.go.dev/vuln/GO-2022-0703
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0703
14
reference_url https://security.netapp.com/advisory/ntap-20191031-0006
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20191031-0006
15
reference_url https://security.netapp.com/advisory/ntap-20191031-0006/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20191031-0006/
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
reference_id 1757701
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1757701
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
18
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
19
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
21
reference_url https://access.redhat.com/errata/RHSA-2019:3132
reference_id RHSA-2019:3132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2019:3132
22
reference_url https://access.redhat.com/errata/RHSA-2020:2795
reference_id RHSA-2020:2795
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2795
23
reference_url https://access.redhat.com/errata/RHSA-2020:2796
reference_id RHSA-2020:2796
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2796
24
reference_url https://access.redhat.com/errata/RHSA-2020:2799
reference_id RHSA-2020:2799
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2799
25
reference_url https://access.redhat.com/errata/RHSA-2020:2861
reference_id RHSA-2020:2861
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2861
26
reference_url https://access.redhat.com/errata/RHSA-2020:2863
reference_id RHSA-2020:2863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2863
27
reference_url https://access.redhat.com/errata/RHSA-2020:2870
reference_id RHSA-2020:2870
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:2870
28
reference_url https://access.redhat.com/errata/RHSA-2022:2183
reference_id RHSA-2022:2183
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2183
fixed_packages
0
url pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.3.3-r0%3Farch=x86&distroversion=v3.20&reponame=community
aliases CVE-2019-11253, GHSA-pmqp-h87c-mr78
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9s34-1nd8-f7ee
2
url VCID-ry9q-vr9h-cbg2
vulnerability_id VCID-ry9q-vr9h-cbg2
summary
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
The Helm core maintainers have identified a high severity security vulnerability in Go's `crypto` package affecting all versions prior to Helm 2.16.8 and Helm 3.1.0.

Thanks to @ravin9249 for identifying the vulnerability.

### Impact

Go before 1.12.16 and 1.13.x before 1.13.7 (and the `crypto/cryptobyte` package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients resulting in a panic via a malformed X.509 certificate. This may allow a remote attacker to cause a denial of service.

### Patches

A patch to compile Helm against Go 1.14.4 has been provided for Helm 2 and is available in Helm 2.16.8. Helm 3.1.0 and newer are compiled against Go 1.13.7+.

### Workarounds

No workaround is available. Users are urged to upgrade.

### References

- https://nvd.nist.gov/vuln/detail/CVE-2020-7919
- https://github.com/helm/helm/pull/8288

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [the Helm repository](https://github.com/helm/helm/issues)
* For security-specific issues, email us at <cncf-helm-security@lists.cncf.io>
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7919.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7919.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-7919
reference_id
reference_type
scores
0
value 0.00651
scoring_system epss
scoring_elements 0.70914
published_at 2026-04-18T12:55:00Z
1
value 0.00651
scoring_system epss
scoring_elements 0.70908
published_at 2026-04-16T12:55:00Z
2
value 0.00651
scoring_system epss
scoring_elements 0.70862
published_at 2026-04-13T12:55:00Z
3
value 0.00651
scoring_system epss
scoring_elements 0.70877
published_at 2026-04-12T12:55:00Z
4
value 0.00651
scoring_system epss
scoring_elements 0.70803
published_at 2026-04-01T12:55:00Z
5
value 0.00651
scoring_system epss
scoring_elements 0.7087
published_at 2026-04-09T12:55:00Z
6
value 0.00651
scoring_system epss
scoring_elements 0.70855
published_at 2026-04-08T12:55:00Z
7
value 0.00651
scoring_system epss
scoring_elements 0.70811
published_at 2026-04-07T12:55:00Z
8
value 0.00651
scoring_system epss
scoring_elements 0.70836
published_at 2026-04-04T12:55:00Z
9
value 0.00651
scoring_system epss
scoring_elements 0.70818
published_at 2026-04-02T12:55:00Z
10
value 0.00651
scoring_system epss
scoring_elements 0.70893
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-7919
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7919
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/helm/helm
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/helm/helm
8
reference_url https://github.com/helm/helm/security/advisories/GHSA-cjjc-xp8v-855w
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/helm/helm/security/advisories/GHSA-cjjc-xp8v-855w
9
reference_url https://go.dev/cl/216677
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/216677
10
reference_url https://go.dev/cl/216680
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/cl/216680
11
reference_url https://go.dev/issue/36837
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/36837
12
reference_url https://go.googlesource.com/go/+/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://go.googlesource.com/go/+/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574
13
reference_url https://groups.google.com/forum/#%21forum/golang-announce
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21forum/golang-announce
14
reference_url https://groups.google.com/forum/#%21topic/golang-announce/Hsw4mHYc470
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/golang-announce/Hsw4mHYc470
15
reference_url https://groups.google.com/forum/#%21topic/golang-announce/-sdUB4VEQkA
reference_id
reference_type
scores
url https://groups.google.com/forum/#%21topic/golang-announce/-sdUB4VEQkA
16
reference_url https://groups.google.com/forum/#!forum/golang-announce
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!forum/golang-announce
17
reference_url https://groups.google.com/forum/#!topic/golang-announce/Hsw4mHYc470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/Hsw4mHYc470
18
reference_url https://groups.google.com/forum/#!topic/golang-announce/-sdUB4VEQkA
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/forum/#!topic/golang-announce/-sdUB4VEQkA
19
reference_url https://groups.google.com/g/golang-announce/c/Hsw4mHYc470
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://groups.google.com/g/golang-announce/c/Hsw4mHYc470
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC/
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S43VLYRURELDWX4D5RFOYBNFGO6CGBBC
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-7919
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:N/I:N/A:C
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-7919
23
reference_url https://pkg.go.dev/vuln/GO-2022-0229
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0229
24
reference_url https://security.netapp.com/advisory/ntap-20200327-0001
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20200327-0001
25
reference_url https://security.netapp.com/advisory/ntap-20200327-0001/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20200327-0001/
26
reference_url https://www.debian.org/security/2021/dsa-4848
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4848
27
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
28
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1808041
reference_id 1808041
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1808041
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*
reference_id cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_insights_telegraf:-:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_id cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_id cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fixed_packages
0
url pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.3.3-r0%3Farch=x86&distroversion=v3.20&reponame=community
aliases CVE-2020-7919, GHSA-cjjc-xp8v-855w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9q-vr9h-cbg2
3
url VCID-xv7z-d6dr-9yec
vulnerability_id VCID-xv7z-d6dr-9yec
summary A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-0601
reference_id
reference_type
scores
0
value 0.94093
scoring_system epss
scoring_elements 0.99908
published_at 2026-04-18T12:55:00Z
1
value 0.94093
scoring_system epss
scoring_elements 0.99907
published_at 2026-04-16T12:55:00Z
2
value 0.94093
scoring_system epss
scoring_elements 0.99905
published_at 2026-04-07T12:55:00Z
3
value 0.94093
scoring_system epss
scoring_elements 0.99906
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-0601
1
reference_url http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
reference_id CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T15:27:42Z/
url http://packetstormsecurity.com/files/155960/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
2
reference_url http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
reference_id CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T15:27:42Z/
url http://packetstormsecurity.com/files/155961/CurveBall-Microsoft-Windows-CryptoAPI-Spoofing-Proof-Of-Concept.html
3
reference_url https://github.com/ollypwn/cve-2020-0601/tree/d957153ee016c69674769b64bf87b49f7d91120e
reference_id CVE-2020-0601
reference_type exploit
scores
url https://github.com/ollypwn/cve-2020-0601/tree/d957153ee016c69674769b64bf87b49f7d91120e
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/47933.rb
reference_id CVE-2020-0601
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/47933.rb
5
reference_url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
reference_id CVE-2020-0601
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-07T15:27:42Z/
url https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
fixed_packages
0
url pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
purl pkg:apk/alpine/containerd@1.3.3-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.3.3-r0%3Farch=x86&distroversion=v3.20&reponame=community
aliases CVE-2020-0601
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xv7z-d6dr-9yec
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.3.3-r0%3Farch=x86&distroversion=v3.20&reponame=community