Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5ftw-539a-kbdz

Summary

"Verify All" Returns Success Despite Validation Failures in Singularity
### Impact

The `--all / -a` option to `singularity verify` returns success even when some objects in a SIF container are not signed, or cannot be verified.

The SIF objects that are not verified are reported in `WARNING` log messages, but a `Container Verified` message and exit code of `0`  are returned.

Workflows that verify a container using `--all / -a` and use the exit code as an indicator of success are vulnerable to running SIF containers that have unsigned, or modified, objects that may be exploited to introduce malicious behavior.

```
$ singularity verify -a image.sif 
WARNING: Missing signature for SIF descriptor 2 (JSON.Generic)
WARNING: Missing signature for SIF descriptor 3 (FS)
Container is signed by 1 key(s):

Verifying partition: Def.FILE:
12045C8C0B1004D058DE4BEDA20C27EE7FF7BA84
[LOCAL]   Unit Test <unit@test.com>
[OK]      Data integrity verified

INFO:    Container verified: image.sif

$ echo $?
0
```


### Patches

Singularity 3.6.0 has a new implementation of sign/verify that fixes this issue.

All users are advised to upgrade to 3.6.0. Note that Singularity 3.6.0 uses a new signature format that is necessarily incompatible with Singularity < 3.6.0 - e.g. Singularity 3.5.3 cannot verify containers signed by 3.6.0.

Version 3.6.0 includes a `--legacy-insecure` flag for the `singularity verify` command, that will perform verification of the older, and insecure, legacy signatures for compatibility with existing containers. This does not guarantee that containers have not been modified since signing, due to other issues in the legacy signature format.

### Workarounds

If you are unable to update to 3.6.0 ensure that you do not rely on the return code of `singularity verify --all / -a` as an indicator of trust in a container.

Note that other issues in the sign/verify implementation in Singularity < 3.6.0 allow additional means to introduce malicious behavior to a signed container.


### For more information

General questions about the impact of the advisory / changes made in the 3.6.0 release can be asked in the:

* [Singularity Slack Channel](https://bit.ly/2m0g3lX)
* [Singularity Mailing List](https://groups.google.com/a/lbl.gov/forum/??sdf%7Csort:date#!forum/singularity)

Any sensitive security concerns should be directed to: security@sylabs.io

See our Security Policy here: https://sylabs.io/security-policy

Aliases

alias	CVE-2020-13846

alias	GHSA-6w7g-p4jh-rf92

Fixed_packages

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid
purl	pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@3.9.5%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
purl	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@4.1.5%252Bds4-1%3Fdistro=sid

Affected_packages

References

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-13846

reference_id

reference_type

scores

value	0.00368
scoring_system	epss
scoring_elements	0.58778
published_at	2026-04-21T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58756
published_at	2026-04-04T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58723
published_at	2026-04-07T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58776
published_at	2026-04-08T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58783
published_at	2026-04-12T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58801
published_at	2026-04-11T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58763
published_at	2026-04-13T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58795
published_at	2026-04-16T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.588
published_at	2026-04-18T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58651
published_at	2026-04-01T12:55:00Z

value	0.00368
scoring_system	epss
scoring_elements	0.58735
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-13846

reference_url

https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92

reference_url

https://github.com/sylabs/singularity

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/sylabs/singularity

reference_url

https://medium.com/sylabs

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://medium.com/sylabs

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-13846

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-13846

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965040
reference_id	965040
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965040

Weaknesses

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ftw-539a-kbdz

Vulnerability Instance