Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-g3wj-7845-e3bs
Summary
CRI-O vulnerable to an arbitrary systemd property injection
### Impact
On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation:
```
---
apiVersion: v1
kind: Pod
metadata:
  name: poc-arbitrary-systemd-property-injection
  annotations:
    # I believe that ExecStart with an arbitrary command works here too,
    # but I haven't figured out how to marshalize the ExecStart struct to gvariant string.
    org.systemd.property.SuccessAction: "'poweroff-force'"
spec:
  containers:
    - name: hello
      image: [quay.io/podman/hello](http://quay.io/podman/hello)
```

This means that any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

Tested with CRI-O v1.24 on minikube.
I didn't test the latest v1.29 because it is incompatible with minikube: https://github.com/kubernetes/minikube/pull/18367

Thanks to Cédric Clerget (GitHub ID @cclerget) for finding out that CRI-O just passes pod annotations to OCI annotations:
https://github.com/opencontainers/runc/pull/3923#discussion_r1532292536

CRI-O has to filter out annotations that have the prefix "org.systemd.property."

See also:
- https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson
- https://github.com/opencontainers/runc/pull/4217


### Workarounds
Unfortunately, the only workarounds would involve an external mutating webhook to disallow these annotations

### References
Aliases
0
alias CVE-2024-3154
1
alias GHSA-2cgq-h8xw-2v5j
Fixed_packages
0
url pkg:golang/github.com/cri-o/cri-o@1.27.6
purl pkg:golang/github.com/cri-o/cri-o@1.27.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cri-o/cri-o@1.27.6
1
url pkg:golang/github.com/cri-o/cri-o@1.28.6
purl pkg:golang/github.com/cri-o/cri-o@1.28.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cri-o/cri-o@1.28.6
2
url pkg:golang/github.com/cri-o/cri-o@1.29.4
purl pkg:golang/github.com/cri-o/cri-o@1.29.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/cri-o/cri-o@1.29.4
Affected_packages
0
url pkg:rpm/redhat/cri-o@1.25.5-16.2.rhaos4.12.gitcb09013?arch=el8
purl pkg:rpm/redhat/cri-o@1.25.5-16.2.rhaos4.12.gitcb09013?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3wj-7845-e3bs
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.25.5-16.2.rhaos4.12.gitcb09013%3Farch=el8
1
url pkg:rpm/redhat/cri-o@1.26.5-16.2.rhaos4.13.git67e2a9d?arch=el8
purl pkg:rpm/redhat/cri-o@1.26.5-16.2.rhaos4.13.git67e2a9d?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3wj-7845-e3bs
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.26.5-16.2.rhaos4.13.git67e2a9d%3Farch=el8
2
url pkg:rpm/redhat/cri-o@1.27.6-2.rhaos4.14.gitb3bd0bf?arch=el8
purl pkg:rpm/redhat/cri-o@1.27.6-2.rhaos4.14.gitb3bd0bf?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bq1t-9nnj-mkes
1
vulnerability VCID-g3wj-7845-e3bs
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.27.6-2.rhaos4.14.gitb3bd0bf%3Farch=el8
3
url pkg:rpm/redhat/cri-o@1.28.6-2.rhaos4.15.git77bbb1c?arch=el8
purl pkg:rpm/redhat/cri-o@1.28.6-2.rhaos4.15.git77bbb1c?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-bq1t-9nnj-mkes
1
vulnerability VCID-g3wj-7845-e3bs
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.28.6-2.rhaos4.15.git77bbb1c%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3154.json
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-3154.json
1
reference_url https://access.redhat.com/security/cve/CVE-2024-3154
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T17:14:54Z/
url https://access.redhat.com/security/cve/CVE-2024-3154
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3154
reference_id
reference_type
scores
0
value 0.00272
scoring_system epss
scoring_elements 0.50668
published_at 2026-04-21T12:55:00Z
1
value 0.00272
scoring_system epss
scoring_elements 0.50604
published_at 2026-04-02T12:55:00Z
2
value 0.00272
scoring_system epss
scoring_elements 0.50631
published_at 2026-04-04T12:55:00Z
3
value 0.00272
scoring_system epss
scoring_elements 0.50585
published_at 2026-04-07T12:55:00Z
4
value 0.00272
scoring_system epss
scoring_elements 0.50639
published_at 2026-04-08T12:55:00Z
5
value 0.00272
scoring_system epss
scoring_elements 0.50636
published_at 2026-04-09T12:55:00Z
6
value 0.00272
scoring_system epss
scoring_elements 0.50678
published_at 2026-04-11T12:55:00Z
7
value 0.00272
scoring_system epss
scoring_elements 0.50655
published_at 2026-04-12T12:55:00Z
8
value 0.00272
scoring_system epss
scoring_elements 0.5064
published_at 2026-04-13T12:55:00Z
9
value 0.00272
scoring_system epss
scoring_elements 0.50682
published_at 2026-04-16T12:55:00Z
10
value 0.00272
scoring_system epss
scoring_elements 0.50688
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3154
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272532
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T17:14:54Z/
url https://bugzilla.redhat.com/show_bug.cgi?id=2272532
4
reference_url https://github.com/cri-o/cri-o
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/cri-o/cri-o
5
reference_url https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T17:14:54Z/
url https://github.com/cri-o/cri-o/security/advisories/GHSA-2cgq-h8xw-2v5j
6
reference_url https://github.com/opencontainers/runc/pull/4217
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T17:14:54Z/
url https://github.com/opencontainers/runc/pull/4217
7
reference_url https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-26T17:14:54Z/
url https://github.com/opencontainers/runtime-spec/blob/main/features.md#unsafe-annotations-in-configjson
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3154
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3154
9
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
reference_id cpe:/a:redhat:openshift:3.11
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:3.11
10
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
reference_id cpe:/a:redhat:openshift:4.12::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8
11
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9
reference_id cpe:/a:redhat:openshift:4.12::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el9
12
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8
reference_id cpe:/a:redhat:openshift:4.13::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8
13
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
reference_id cpe:/a:redhat:openshift:4.13::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9
14
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8
reference_id cpe:/a:redhat:openshift:4.14::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8
15
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
reference_id cpe:/a:redhat:openshift:4.14::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9
16
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8
reference_id cpe:/a:redhat:openshift:4.15::el8
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8
17
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9
reference_id cpe:/a:redhat:openshift:4.15::el9
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9
Weaknesses
0
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Exploits
Severity_range_score7.0 - 8.9
Exploitability0.5
Weighted_severity8.0
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-g3wj-7845-e3bs