Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b1v9-q2r1-gfcf

Summary

scs-library-client may leak user credentials to third-party service via HTTP redirect
### Impact

When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server, to perform a multi-part concurrent download.

Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user.

The vulnerable multi-part concurrent download flow, with redirect to S3, is only used when communicating with a Singularity Enterprise 1.x installation, or third party server implementing this flow.

Interaction with Singularity Enterprise 2.x, and Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow.

We encourage all users to update. Users who interact with a Singularity Enterprise 1.x installation, using a 3rd party S3 storage service, are advised to revoke and recreate their authentication tokens within Singularity Enterprise.

### Patches

The security issue was identified after the integration of a bug-fix commit 68ac4ca into the previously released scs-library-client 1.3.4. This commit fixes the security issue in the 1.3 series.

scs-library-client 1.4.2 contains a fix for the same vulnerability in the 1.4 series, as commit eebd7ca.

### Workarounds

There is no workaround available at this time.

As above, access to Singularity Enterprise 2.x, or Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow.

### References

https://cwe.mitre.org/data/definitions/522.html

Aliases

alias	CVE-2022-23538

alias	GHSA-7p8m-22h4-9pj7

Fixed_packages

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/apptainer@1.1.6-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/apptainer@1.1.6-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:deb/debian/singularity-container@3.11.0%2Bds1-1?distro=sid
purl	pkg:deb/debian/singularity-container@3.11.0%2Bds1-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@3.11.0%252Bds1-1%3Fdistro=sid

url	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
purl	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@4.1.5%252Bds4-1%3Fdistro=sid

url	pkg:golang/github.com/sylabs/scs-library-client@1.3.4
purl	pkg:golang/github.com/sylabs/scs-library-client@1.3.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/sylabs/scs-library-client@1.3.4

url	pkg:golang/github.com/sylabs/scs-library-client@1.4.2
purl	pkg:golang/github.com/sylabs/scs-library-client@1.4.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:golang/github.com/sylabs/scs-library-client@1.4.2

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-23538

reference_id

reference_type

scores

value	0.00378
scoring_system	epss
scoring_elements	0.59367
published_at	2026-04-21T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59312
published_at	2026-04-02T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59336
published_at	2026-04-04T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.593
published_at	2026-04-07T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59351
published_at	2026-04-08T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59363
published_at	2026-04-09T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59383
published_at	2026-04-11T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59366
published_at	2026-04-12T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59348
published_at	2026-04-13T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.5938
published_at	2026-04-16T12:55:00Z

value	0.00378
scoring_system	epss
scoring_elements	0.59387
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-23538

reference_url

https://github.com/sylabs/scs-library-client

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/sylabs/scs-library-client

reference_url

https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:54Z/

url

https://github.com/sylabs/scs-library-client/commit/68ac4cab5cda0afd8758ff5b5e2e57be6a22fcfa

reference_url

https://github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:54Z/

url

https://github.com/sylabs/scs-library-client/commit/b5db2aacba6bf1231f42dd475cc32e6355ab47b2

reference_url

https://github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:54Z/

url

https://github.com/sylabs/scs-library-client/commit/eebd7caaab310b1fa803e55b8fc1acd9dcd2d00c

reference_url

https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T20:59:54Z/

url

https://github.com/sylabs/scs-library-client/security/advisories/GHSA-7p8m-22h4-9pj7

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-23538

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-23538

reference_url

https://pkg.go.dev/vuln/GO-2023-1497

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://pkg.go.dev/vuln/GO-2023-1497

Weaknesses

cwe_id	522
name	Insufficiently Protected Credentials
description	The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

cwe_id	601
name	URL Redirection to Untrusted Site ('Open Redirect')
description	A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1v9-q2r1-gfcf

Vulnerability Instance