Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-sur2-ewj3-8bgx
Summary
Kubernetes allows Command Injection affecting Windows nodes via nodes/*/logs/query API
A security vulnerability has been discovered in Kubernetes windows nodes that could allow a user with the ability to query a node's '/logs' endpoint to execute arbitrary commands on the host.  This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
Aliases
0
alias CVE-2024-9042
1
alias GHSA-vv39-3w5q-974q
Fixed_packages
0
url pkg:deb/debian/kubernetes@0?distro=trixie
purl pkg:deb/debian/kubernetes@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@0%3Fdistro=trixie
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
4
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
5
url pkg:golang/k8s.io/kubernetes@1.29.13
purl pkg:golang/k8s.io/kubernetes@1.29.13
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.29.13
6
url pkg:golang/k8s.io/kubernetes@1.30.9
purl pkg:golang/k8s.io/kubernetes@1.30.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.30.9
7
url pkg:golang/k8s.io/kubernetes@1.31.5
purl pkg:golang/k8s.io/kubernetes@1.31.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.31.5
8
url pkg:golang/k8s.io/kubernetes@1.32.1
purl pkg:golang/k8s.io/kubernetes@1.32.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.32.1
Affected_packages
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9042.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9042.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-9042
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57063
published_at 2026-04-24T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57154
published_at 2026-04-18T12:55:00Z
2
value 0.00345
scoring_system epss
scoring_elements 0.57131
published_at 2026-04-13T12:55:00Z
3
value 0.00345
scoring_system epss
scoring_elements 0.57151
published_at 2026-04-12T12:55:00Z
4
value 0.00345
scoring_system epss
scoring_elements 0.57172
published_at 2026-04-11T12:55:00Z
5
value 0.00345
scoring_system epss
scoring_elements 0.5716
published_at 2026-04-09T12:55:00Z
6
value 0.00345
scoring_system epss
scoring_elements 0.57107
published_at 2026-04-07T12:55:00Z
7
value 0.00345
scoring_system epss
scoring_elements 0.5713
published_at 2026-04-04T12:55:00Z
8
value 0.00345
scoring_system epss
scoring_elements 0.57108
published_at 2026-04-02T12:55:00Z
9
value 0.00345
scoring_system epss
scoring_elements 0.57158
published_at 2026-04-16T12:55:00Z
10
value 0.00355
scoring_system epss
scoring_elements 0.57832
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-9042
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/kubernetes/kubernetes
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes
4
reference_url https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/45f4ccc2153bbb782253704cbe24c05e22b5d60c
5
reference_url https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/5fe148234f8ab1184f26069c4f7bef6c37efe347
6
reference_url https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/75c83a6871dc030675288c6d63c275a43c2f0d55
7
reference_url https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/fb0187c2bf7061258bb89891edb1237261eb7abc
8
reference_url https://github.com/kubernetes/kubernetes/issues/129654
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-13T19:24:29Z/
url https://github.com/kubernetes/kubernetes/issues/129654
9
reference_url https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-13T19:24:29Z/
url https://groups.google.com/g/kubernetes-security-announce/c/9C3vn6aCSVg
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-9042
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-9042
11
reference_url http://www.openwall.com/lists/oss-security/2025/01/16/1
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/01/16/1
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2337297
reference_id 2337297
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2337297
13
reference_url https://access.redhat.com/errata/RHSA-2025:8704
reference_id RHSA-2025:8704
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8704
14
reference_url https://access.redhat.com/errata/RHSA-2025:9136
reference_id RHSA-2025:9136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9136
Weaknesses
0
cwe_id 20
name Improper Input Validation
description The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
1
cwe_id 77
name Improper Neutralization of Special Elements used in a Command ('Command Injection')
description The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
2
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-sur2-ewj3-8bgx