Lookup for vulnerable packages by Package URL.

Purl pkg:apk/alpine/containerd@1.5.7-r0?arch=aarch64&distroversion=v3.17&reponame=community
Type apk
Namespace alpine
Name containerd
Version 1.5.7-r0
Qualifiers
arch aarch64
distroversion v3.17
reponame community
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.5.8-r0
Latest_non_vulnerable_version 1.6.18-r0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-kuwr-ugf2-rke4
vulnerability_id VCID-kuwr-ugf2-rke4
summary
Insufficiently restricted permissions on plugin directories
### Impact
A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.

### Patches
This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability.

### Workarounds
Limit access to the host to trusted users. Update directory permissions on container bundle directories.

### For more information
If you have any questions or comments about this advisory: 
* Open an issue in [github.com/containerd/containerd](https://github.com/containerd/containerd/issues/new/choose)
* Email us at [security@containerd.io](mailto:security@containerd.io)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41103.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41103
reference_id
reference_type
scores
0
value 0.00085
scoring_system epss
scoring_elements 0.24592
published_at 2026-04-21T12:55:00Z
1
value 0.00085
scoring_system epss
scoring_elements 0.24614
published_at 2026-04-18T12:55:00Z
2
value 0.00085
scoring_system epss
scoring_elements 0.24689
published_at 2026-04-01T12:55:00Z
3
value 0.00085
scoring_system epss
scoring_elements 0.24624
published_at 2026-04-16T12:55:00Z
4
value 0.00085
scoring_system epss
scoring_elements 0.24611
published_at 2026-04-13T12:55:00Z
5
value 0.00085
scoring_system epss
scoring_elements 0.24668
published_at 2026-04-12T12:55:00Z
6
value 0.00085
scoring_system epss
scoring_elements 0.24709
published_at 2026-04-11T12:55:00Z
7
value 0.00085
scoring_system epss
scoring_elements 0.24695
published_at 2026-04-09T12:55:00Z
8
value 0.00085
scoring_system epss
scoring_elements 0.24648
published_at 2026-04-08T12:55:00Z
9
value 0.00085
scoring_system epss
scoring_elements 0.24579
published_at 2026-04-07T12:55:00Z
10
value 0.00085
scoring_system epss
scoring_elements 0.24805
published_at 2026-04-04T12:55:00Z
11
value 0.00085
scoring_system epss
scoring_elements 0.24766
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41103
2
reference_url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/containerd/containerd
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd
6
reference_url https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
7
reference_url https://github.com/containerd/containerd/releases/tag/v1.4.11
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.4.11
8
reference_url https://github.com/containerd/containerd/releases/tag/v1.5.7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/releases/tag/v1.5.7
9
reference_url https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB
14
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41103
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41103
15
reference_url https://security.gentoo.org/glsa/202401-31
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.gentoo.org/glsa/202401-31
16
reference_url https://www.debian.org/security/2021/dsa-5002
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-5002
17
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2011007
reference_id 2011007
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2011007
18
reference_url https://security.archlinux.org/AVG-2439
reference_id AVG-2439
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2439
19
reference_url https://access.redhat.com/errata/RHSA-2022:5673
reference_id RHSA-2022:5673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5673
20
reference_url https://access.redhat.com/errata/RHSA-2022:6517
reference_id RHSA-2022:6517
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6517
21
reference_url https://usn.ubuntu.com/5100-1/
reference_id USN-5100-1
reference_type
scores
url https://usn.ubuntu.com/5100-1/
22
reference_url https://usn.ubuntu.com/USN-5521-1/
reference_id USN-USN-5521-1
reference_type
scores
url https://usn.ubuntu.com/USN-5521-1/
fixed_packages
0
url pkg:apk/alpine/containerd@1.5.7-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl pkg:apk/alpine/containerd@1.5.7-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.5.7-r0%3Farch=aarch64&distroversion=v3.17&reponame=community
aliases CVE-2021-41103, GHSA-c2h3-6mxw-7mvq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kuwr-ugf2-rke4
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/containerd@1.5.7-r0%3Farch=aarch64&distroversion=v3.17&reponame=community