Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-a2rx-fr2c-vqej

Summary

Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
### Impact

Insecure permissions on temporary directories used in fakeroot or user namespace container execution.

When a Singularity action command (run, shell, exec) is run with the fakeroot or user namespace option, Singularity will extract a container image to a temporary sandbox directory. Due to insecure permissions on the temporary directory it is possible for any user with access to the system to read the contents of the image. Additionally, if the image contains a world-writable file or directory, it is possible for a user to inject arbitrary content into the running container.

### Patches

This issue is addressed in Singularity 3.6.3.

All users are advised to upgrade to 3.6.3.

### Workarounds

The issue is mitigated if `TMPDIR` is set to a location that is only accessible to the user, as any subdirectories directly under `TMPDIR` cannot then be accessed by others. However, this is difficult to enforce so it is not recommended to rely on this as a mitigation.

### For more information

General questions about the impact of the advisory / changes made in the 3.6.0 release can be asked in the:

* [Singularity Slack Channel](https://bit.ly/2m0g3lX)
* [Singularity Mailing List](https://groups.google.com/a/lbl.gov/forum/??sdf%7Csort:date#!forum/singularity)

Any sensitive security concerns should be directed to: security@sylabs.io

See our Security Policy here: https://sylabs.io/security-policy

Aliases

alias	CVE-2020-25039

alias	GHSA-w6v2-qchm-grj7

Fixed_packages

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.3-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.3-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid
purl	pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@3.9.5%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
purl	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@4.1.5%252Bds4-1%3Fdistro=sid

Affected_packages

References

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00088.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25039

reference_id

reference_type

scores

value	0.00815
scoring_system	epss
scoring_elements	0.74322
published_at	2026-04-16T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74285
published_at	2026-04-13T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74239
published_at	2026-04-01T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74293
published_at	2026-04-12T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74244
published_at	2026-04-07T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74271
published_at	2026-04-04T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74276
published_at	2026-04-08T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74312
published_at	2026-04-11T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74291
published_at	2026-04-09T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74357
published_at	2026-04-24T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74324
published_at	2026-04-21T12:55:00Z

value	0.00815
scoring_system	epss
scoring_elements	0.74332
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25039

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7

reference_url

https://medium.com/sylabs

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/sylabs

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25039

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25039

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970465
reference_id	970465
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970465

Weaknesses

cwe_id	668
name	Exposure of Resource to Wrong Sphere
description	The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

cwe_id	732
name	Incorrect Permission Assignment for Critical Resource
description	The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Exploits

Severity_range_score 6.2 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a2rx-fr2c-vqej

Vulnerability Instance