Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/runc@4:1.1.9-1?arch=el9
Type rpm
Namespace redhat
Name runc
Version 4:1.1.9-1
Qualifiers
arch el9
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-e44x-a9xm-6ke9
vulnerability_id VCID-e44x-a9xm-6ke9
summary Multiple vulnerabilities have been discovered in Go, the worst of which could lead to remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41724.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41724.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41724
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05209
published_at 2026-04-02T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05203
published_at 2026-04-18T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05299
published_at 2026-04-08T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.0532
published_at 2026-04-09T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05285
published_at 2026-04-11T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.05271
published_at 2026-04-12T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05257
published_at 2026-04-13T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05201
published_at 2026-04-16T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05239
published_at 2026-04-04T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05264
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41724
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2178492
reference_id 2178492
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2178492
5
reference_url https://go.dev/cl/468125
reference_id 468125
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/
url https://go.dev/cl/468125
6
reference_url https://go.dev/issue/58001
reference_id 58001
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/
url https://go.dev/issue/58001
7
reference_url https://pkg.go.dev/vuln/GO-2023-1570
reference_id GO-2023-1570
reference_type
scores
0
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-07T17:56:50Z/
url https://pkg.go.dev/vuln/GO-2023-1570
8
reference_url https://access.redhat.com/errata/RHSA-2023:0584
reference_id RHSA-2023:0584
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0584
9
reference_url https://access.redhat.com/errata/RHSA-2023:1325
reference_id RHSA-2023:1325
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1325
10
reference_url https://access.redhat.com/errata/RHSA-2023:1326
reference_id RHSA-2023:1326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1326
11
reference_url https://access.redhat.com/errata/RHSA-2023:1329
reference_id RHSA-2023:1329
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1329
12
reference_url https://access.redhat.com/errata/RHSA-2023:1639
reference_id RHSA-2023:1639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1639
13
reference_url https://access.redhat.com/errata/RHSA-2023:1817
reference_id RHSA-2023:1817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1817
14
reference_url https://access.redhat.com/errata/RHSA-2023:2107
reference_id RHSA-2023:2107
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2107
15
reference_url https://access.redhat.com/errata/RHSA-2023:3083
reference_id RHSA-2023:3083
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3083
16
reference_url https://access.redhat.com/errata/RHSA-2023:3167
reference_id RHSA-2023:3167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3167
17
reference_url https://access.redhat.com/errata/RHSA-2023:3303
reference_id RHSA-2023:3303
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3303
18
reference_url https://access.redhat.com/errata/RHSA-2023:3366
reference_id RHSA-2023:3366
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3366
19
reference_url https://access.redhat.com/errata/RHSA-2023:3445
reference_id RHSA-2023:3445
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3445
20
reference_url https://access.redhat.com/errata/RHSA-2023:3450
reference_id RHSA-2023:3450
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3450
21
reference_url https://access.redhat.com/errata/RHSA-2023:3455
reference_id RHSA-2023:3455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3455
22
reference_url https://access.redhat.com/errata/RHSA-2023:3612
reference_id RHSA-2023:3612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3612
23
reference_url https://access.redhat.com/errata/RHSA-2023:3742
reference_id RHSA-2023:3742
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3742
24
reference_url https://access.redhat.com/errata/RHSA-2023:4003
reference_id RHSA-2023:4003
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4003
25
reference_url https://access.redhat.com/errata/RHSA-2023:4335
reference_id RHSA-2023:4335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4335
26
reference_url https://access.redhat.com/errata/RHSA-2023:4470
reference_id RHSA-2023:4470
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4470
27
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
28
reference_url https://access.redhat.com/errata/RHSA-2023:5935
reference_id RHSA-2023:5935
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5935
29
reference_url https://access.redhat.com/errata/RHSA-2023:5964
reference_id RHSA-2023:5964
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5964
30
reference_url https://access.redhat.com/errata/RHSA-2023:5976
reference_id RHSA-2023:5976
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5976
31
reference_url https://access.redhat.com/errata/RHSA-2023:6363
reference_id RHSA-2023:6363
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6363
32
reference_url https://access.redhat.com/errata/RHSA-2023:6380
reference_id RHSA-2023:6380
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6380
33
reference_url https://access.redhat.com/errata/RHSA-2023:6402
reference_id RHSA-2023:6402
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6402
34
reference_url https://access.redhat.com/errata/RHSA-2023:6473
reference_id RHSA-2023:6473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6473
35
reference_url https://access.redhat.com/errata/RHSA-2023:6474
reference_id RHSA-2023:6474
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6474
36
reference_url https://access.redhat.com/errata/RHSA-2023:6817
reference_id RHSA-2023:6817
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6817
37
reference_url https://access.redhat.com/errata/RHSA-2023:6938
reference_id RHSA-2023:6938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6938
38
reference_url https://access.redhat.com/errata/RHSA-2023:6939
reference_id RHSA-2023:6939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6939
39
reference_url https://access.redhat.com/errata/RHSA-2023:7672
reference_id RHSA-2023:7672
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7672
40
reference_url https://access.redhat.com/errata/RHSA-2024:2944
reference_id RHSA-2024:2944
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2944
41
reference_url https://usn.ubuntu.com/6140-1/
reference_id USN-6140-1
reference_type
scores
url https://usn.ubuntu.com/6140-1/
42
reference_url https://usn.ubuntu.com/7109-1/
reference_id USN-7109-1
reference_type
scores
url https://usn.ubuntu.com/7109-1/
43
reference_url https://usn.ubuntu.com/7111-1/
reference_id USN-7111-1
reference_type
scores
url https://usn.ubuntu.com/7111-1/
fixed_packages
aliases CVE-2022-41724
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e44x-a9xm-6ke9
1
url VCID-jc1e-8tt4-xqdn
vulnerability_id VCID-jc1e-8tt4-xqdn
summary
Opencontainers runc Incorrect Authorization vulnerability
runc 1.0.0-rc95 through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to `libcontainer/rootfs_linux.go`. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27561.json
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27561.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27561
reference_id
reference_type
scores
0
value 0.00146
scoring_system epss
scoring_elements 0.35064
published_at 2026-04-18T12:55:00Z
1
value 0.00146
scoring_system epss
scoring_elements 0.35079
published_at 2026-04-16T12:55:00Z
2
value 0.00146
scoring_system epss
scoring_elements 0.35069
published_at 2026-04-08T12:55:00Z
3
value 0.00146
scoring_system epss
scoring_elements 0.35099
published_at 2026-04-11T12:55:00Z
4
value 0.00146
scoring_system epss
scoring_elements 0.35095
published_at 2026-04-09T12:55:00Z
5
value 0.00146
scoring_system epss
scoring_elements 0.35118
published_at 2026-04-02T12:55:00Z
6
value 0.00146
scoring_system epss
scoring_elements 0.35147
published_at 2026-04-04T12:55:00Z
7
value 0.00146
scoring_system epss
scoring_elements 0.35025
published_at 2026-04-07T12:55:00Z
8
value 0.00146
scoring_system epss
scoring_elements 0.3504
published_at 2026-04-13T12:55:00Z
9
value 0.00146
scoring_system epss
scoring_elements 0.35065
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27561
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
5
reference_url https://github.com/opencontainers/runc
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc
6
reference_url https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
7
reference_url https://github.com/opencontainers/runc/issues/3751
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://github.com/opencontainers/runc/issues/3751
8
reference_url https://github.com/opencontainers/runc/pull/3785
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/pull/3785
9
reference_url https://github.com/opencontainers/runc/releases/tag/v1.1.5
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc/releases/tag/v1.1.5
10
reference_url https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
21
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27561
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27561
22
reference_url https://security.netapp.com/advisory/ntap-20241206-0004
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241206-0004
23
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033520
reference_id 1033520
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033520
24
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2175721
reference_id 2175721
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2175721
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
reference_id ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
reference_id DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
reference_id FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
reference_id FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/
29
reference_url https://security.gentoo.org/glsa/202408-25
reference_id GLSA-202408-25
reference_type
scores
url https://security.gentoo.org/glsa/202408-25
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
reference_id I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-04-26T04:00:21Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/
31
reference_url https://access.redhat.com/errata/RHSA-2023:1326
reference_id RHSA-2023:1326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1326
32
reference_url https://access.redhat.com/errata/RHSA-2023:3612
reference_id RHSA-2023:3612
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3612
33
reference_url https://access.redhat.com/errata/RHSA-2023:5006
reference_id RHSA-2023:5006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5006
34
reference_url https://access.redhat.com/errata/RHSA-2023:6380
reference_id RHSA-2023:6380
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6380
35
reference_url https://access.redhat.com/errata/RHSA-2023:6938
reference_id RHSA-2023:6938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6938
36
reference_url https://access.redhat.com/errata/RHSA-2023:6939
reference_id RHSA-2023:6939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6939
37
reference_url https://usn.ubuntu.com/6088-1/
reference_id USN-6088-1
reference_type
scores
url https://usn.ubuntu.com/6088-1/
38
reference_url https://usn.ubuntu.com/6088-2/
reference_id USN-6088-2
reference_type
scores
url https://usn.ubuntu.com/6088-2/
fixed_packages
aliases CVE-2023-27561, GHSA-vpvm-3wq2-2wvm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jc1e-8tt4-xqdn
2
url VCID-seds-dzew-jyfs
vulnerability_id VCID-seds-dzew-jyfs
summary
runc AppArmor bypass with symlinked /proc
### Impact
It was found that AppArmor, and potentially SELinux, can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration.

### Patches
Fixed in runc v1.1.5, by prohibiting symlinked `/proc`: https://github.com/opencontainers/runc/pull/3785

This PR fixes CVE-2023-27561 as well.

### Workarounds
Avoid using an untrusted container image.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28642.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28642.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28642
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01328
published_at 2026-04-02T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01739
published_at 2026-04-16T12:55:00Z
2
value 0.00012
scoring_system epss
scoring_elements 0.0175
published_at 2026-04-13T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01752
published_at 2026-04-12T12:55:00Z
4
value 0.00012
scoring_system epss
scoring_elements 0.01762
published_at 2026-04-11T12:55:00Z
5
value 0.00012
scoring_system epss
scoring_elements 0.01767
published_at 2026-04-09T12:55:00Z
6
value 0.00012
scoring_system epss
scoring_elements 0.01759
published_at 2026-04-08T12:55:00Z
7
value 0.00012
scoring_system epss
scoring_elements 0.01755
published_at 2026-04-07T12:55:00Z
8
value 0.00012
scoring_system epss
scoring_elements 0.0174
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28642
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/opencontainers/runc
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc
5
reference_url https://github.com/opencontainers/runc/pull/3785
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:02:47Z/
url https://github.com/opencontainers/runc/pull/3785
6
reference_url https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:02:47Z/
url https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28642
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28642
8
reference_url https://security.netapp.com/advisory/ntap-20241206-0005
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241206-0005
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182883
reference_id 2182883
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182883
10
reference_url https://security.gentoo.org/glsa/202408-25
reference_id GLSA-202408-25
reference_type
scores
url https://security.gentoo.org/glsa/202408-25
11
reference_url https://access.redhat.com/errata/RHSA-2023:1326
reference_id RHSA-2023:1326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1326
12
reference_url https://access.redhat.com/errata/RHSA-2023:6380
reference_id RHSA-2023:6380
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6380
13
reference_url https://access.redhat.com/errata/RHSA-2023:6938
reference_id RHSA-2023:6938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6938
14
reference_url https://access.redhat.com/errata/RHSA-2023:6939
reference_id RHSA-2023:6939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6939
15
reference_url https://access.redhat.com/errata/RHSA-2024:0564
reference_id RHSA-2024:0564
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0564
16
reference_url https://usn.ubuntu.com/6088-1/
reference_id USN-6088-1
reference_type
scores
url https://usn.ubuntu.com/6088-1/
17
reference_url https://usn.ubuntu.com/6088-2/
reference_id USN-6088-2
reference_type
scores
url https://usn.ubuntu.com/6088-2/
fixed_packages
aliases CVE-2023-28642, GHSA-g2j6-57v7-gm8c
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-seds-dzew-jyfs
3
url VCID-v2ys-xbn5-guh4
vulnerability_id VCID-v2ys-xbn5-guh4
summary
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
### Impact
It was found that rootless runc makes `/sys/fs/cgroup` writable in the following conditions:
1. when runc is executed inside the user namespace, and the `config.json` does not specify the cgroup namespace to be unshared (e.g., `(docker|podman|nerdctl) run --cgroupns=host`, with Rootless Docker/Podman/nerdctl)
2. or, when runc is executed outside the user namespace, and `/sys` is mounted with `rbind, ro` (e.g., `runc spec --rootless`; this condition is very rare)

A container may gain write access to the user-owned cgroup hierarchy `/sys/fs/cgroup/user.slice/...` on the host.
Other users' cgroup hierarchies are not affected.

### Patches
v1.1.5 (planned)

### Workarounds
- Condition 1: Unshare the cgroup namespace (`(docker|podman|nerdctl) run --cgroupns=private`). This is the default behavior of Docker/Podman/nerdctl on cgroup v2 hosts.
- Condition 2 (very rare): add `/sys/fs/cgroup` to `maskedPaths`
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25809.json
reference_id
reference_type
scores
0
value 6.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-25809.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25809
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10138
published_at 2026-04-09T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10115
published_at 2026-04-13T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.10045
published_at 2026-04-02T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.10136
published_at 2026-04-12T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.10176
published_at 2026-04-11T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.10103
published_at 2026-04-04T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.10001
published_at 2026-04-07T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.10077
published_at 2026-04-08T12:55:00Z
8
value 0.0004
scoring_system epss
scoring_elements 0.1195
published_at 2026-04-16T12:55:00Z
9
value 0.0004
scoring_system epss
scoring_elements 0.11946
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25809
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/opencontainers/runc
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/runc
5
reference_url https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
1
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:02:19Z/
url https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17
6
reference_url https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
1
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T16:02:19Z/
url https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25809
reference_id
reference_type
scores
0
value 2.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:L
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25809
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2182884
reference_id 2182884
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2182884
9
reference_url https://security.gentoo.org/glsa/202408-25
reference_id GLSA-202408-25
reference_type
scores
url https://security.gentoo.org/glsa/202408-25
10
reference_url https://access.redhat.com/errata/RHSA-2023:1326
reference_id RHSA-2023:1326
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:1326
11
reference_url https://access.redhat.com/errata/RHSA-2023:6380
reference_id RHSA-2023:6380
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6380
12
reference_url https://access.redhat.com/errata/RHSA-2023:6938
reference_id RHSA-2023:6938
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6938
13
reference_url https://access.redhat.com/errata/RHSA-2023:6939
reference_id RHSA-2023:6939
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:6939
14
reference_url https://usn.ubuntu.com/6088-1/
reference_id USN-6088-1
reference_type
scores
url https://usn.ubuntu.com/6088-1/
15
reference_url https://usn.ubuntu.com/6088-2/
reference_id USN-6088-2
reference_type
scores
url https://usn.ubuntu.com/6088-2/
fixed_packages
aliases CVE-2023-25809, GHSA-m8cg-xc2p-r3fc
risk_score 2.9
exploitability 0.5
weighted_severity 5.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v2ys-xbn5-guh4
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/runc@4:1.1.9-1%3Farch=el9