Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qesp-mexv-ekdq

Summary

Bubblewrap misuses temporary directories allowing local code
    execution.

Aliases

alias	CVE-2019-12439

Fixed_packages

url	pkg:deb/debian/bubblewrap@0.3.1-3?distro=trixie
purl	pkg:deb/debian/bubblewrap@0.3.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.3.1-3%3Fdistro=trixie

url pkg:deb/debian/bubblewrap@0.3.1-4

purl pkg:deb/debian/bubblewrap@0.3.1-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vtup-4qk6-guf4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.3.1-4

url	pkg:deb/debian/bubblewrap@0.4.1-3?distro=trixie
purl	pkg:deb/debian/bubblewrap@0.4.1-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.4.1-3%3Fdistro=trixie

url	pkg:deb/debian/bubblewrap@0.8.0-2%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/bubblewrap@0.8.0-2%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.8.0-2%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/bubblewrap@0.11.0-2?distro=trixie
purl	pkg:deb/debian/bubblewrap@0.11.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.0-2%3Fdistro=trixie

url	pkg:deb/debian/bubblewrap@0.11.1-1?distro=trixie
purl	pkg:deb/debian/bubblewrap@0.11.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.11.1-1%3Fdistro=trixie

url	pkg:ebuild/sys-apps/bubblewrap@0.4.1
purl	pkg:ebuild/sys-apps/bubblewrap@0.4.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/sys-apps/bubblewrap@0.4.1

Affected_packages

url pkg:deb/debian/bubblewrap@0.1.7-1~bpo8%2B1

purl pkg:deb/debian/bubblewrap@0.1.7-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

vulnerability	VCID-vtup-4qk6-guf4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.1.7-1~bpo8%252B1

url pkg:deb/debian/bubblewrap@0.1.7-1

purl pkg:deb/debian/bubblewrap@0.1.7-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

vulnerability	VCID-vtup-4qk6-guf4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/bubblewrap@0.1.7-1

url pkg:rpm/redhat/ansible-runner@1.3.4-2?arch=el7ar

purl pkg:rpm/redhat/ansible-runner@1.3.4-2?arch=el7ar

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2g54-3acq-pbha

vulnerability	VCID-3af2-c1m7-3kdr

vulnerability	VCID-3t8t-yt9b-1fce

vulnerability	VCID-6fxc-s6ht-x7ht

vulnerability	VCID-6wxf-ewtr-z3hb

vulnerability	VCID-9wej-f7zx-pfeq

vulnerability	VCID-bhq3-j6aj-1yae

vulnerability	VCID-bsbd-bsbq-7qdk

vulnerability	VCID-hmcs-7s53-mbft

vulnerability	VCID-mv26-fzn6-vycf

vulnerability	VCID-nmya-eyxd-9ybe

vulnerability	VCID-qesp-mexv-ekdq

vulnerability	VCID-sw69-1r7d-kkht

vulnerability	VCID-z6er-42pm-7ubq

vulnerability	VCID-zx5n-czhy-6qgu

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-runner@1.3.4-2%3Farch=el7ar

url pkg:rpm/redhat/ansible-tower@3.5.0-1?arch=el7at

purl pkg:rpm/redhat/ansible-tower@3.5.0-1?arch=el7at

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-tower@3.5.0-1%3Farch=el7at

url pkg:rpm/redhat/bubblewrap@0.3.3-2?arch=el7at

purl pkg:rpm/redhat/bubblewrap@0.3.3-2?arch=el7at

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/bubblewrap@0.3.3-2%3Farch=el7at

url pkg:rpm/redhat/cfme@5.10.7.1-1?arch=el7cf

purl pkg:rpm/redhat/cfme@5.10.7.1-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme@5.10.7.1-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-amazon-smartstate@5.10.7.1-1?arch=el7cf

purl pkg:rpm/redhat/cfme-amazon-smartstate@5.10.7.1-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-amazon-smartstate@5.10.7.1-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-appliance@5.10.7.1-1?arch=el7cf

purl pkg:rpm/redhat/cfme-appliance@5.10.7.1-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-appliance@5.10.7.1-1%3Farch=el7cf

url pkg:rpm/redhat/cfme-gemset@5.10.7.1-1?arch=el7cf

purl pkg:rpm/redhat/cfme-gemset@5.10.7.1-1?arch=el7cf

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cfme-gemset@5.10.7.1-1%3Farch=el7cf

url pkg:rpm/redhat/ovirt-ansible-hosted-engine-setup@1.0.20-1?arch=el7ev

purl pkg:rpm/redhat/ovirt-ansible-hosted-engine-setup@1.0.20-1?arch=el7ev

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovirt-ansible-hosted-engine-setup@1.0.20-1%3Farch=el7ev

url pkg:rpm/redhat/ovirt-ansible-image-template@1.1.11-1?arch=el7ev

purl pkg:rpm/redhat/ovirt-ansible-image-template@1.1.11-1?arch=el7ev

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovirt-ansible-image-template@1.1.11-1%3Farch=el7ev

url pkg:rpm/redhat/ovirt-ansible-manageiq@1.1.14-1?arch=el7ev

purl pkg:rpm/redhat/ovirt-ansible-manageiq@1.1.14-1?arch=el7ev

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovirt-ansible-manageiq@1.1.14-1%3Farch=el7ev

url pkg:rpm/redhat/ovirt-ansible-vm-infra@1.1.18-1?arch=el7ev

purl pkg:rpm/redhat/ovirt-ansible-vm-infra@1.1.18-1?arch=el7ev

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-qesp-mexv-ekdq

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ovirt-ansible-vm-infra@1.1.18-1%3Farch=el7ev

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12439.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12439.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12439

reference_id

reference_type

scores

value	0.0015
scoring_system	epss
scoring_elements	0.35463
published_at	2026-04-01T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35662
published_at	2026-04-02T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35687
published_at	2026-04-04T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35567
published_at	2026-04-07T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35613
published_at	2026-04-08T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35637
published_at	2026-04-09T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35646
published_at	2026-04-11T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35602
published_at	2026-04-12T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35579
published_at	2026-04-13T12:55:00Z

value	0.0015
scoring_system	epss
scoring_elements	0.35618
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12439

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12439
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12439

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1695963
reference_id	1695963
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1695963

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923557
reference_id	923557
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923557

reference_url	https://security.gentoo.org/glsa/202006-18
reference_id	GLSA-202006-18
reference_type
scores
url	https://security.gentoo.org/glsa/202006-18

reference_url	https://access.redhat.com/errata/RHSA-2019:1833
reference_id	RHSA-2019:1833
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2019:1833

Weaknesses

cwe_id	377
name	Insecure Temporary File
description	Creating and using insecure temporary files can leave application and system data vulnerable to attack.

Exploits

Severity_range_score 7.0 - 7.0

Exploitability 0.5

Weighted_severity 6.3

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qesp-mexv-ekdq

Vulnerability Instance