Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-qz7w-3qvp-ykan

Summary

Path traversal and files overwrite with unsquashfs in singularity
### Impact

Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs` (a distribution provided utility used by Singularity), it is possible to overwrite/create any files on the host filesystem during the extraction of a crafted squashfs filesystem.

Squashfs extraction occurs automatically for unprivileged execution of Singularity (either `--without-suid` installation or with `allow setuid = no`) when a user attempts to run an image which:

- is a local SIF image or a single file containing a squashfs filesystem
- is pulled from remote sources `library://` or `shub://`

Image build is also impacted in a more serious way as it is often performed by the root user, allowing an attacker to overwrite/create files leading to a system compromise.  Bootstrap methods `library`, `shub` and `localimage` trigger a squashfs extraction.

### Patches

This issue is addressed in Singularity 3.6.4.

All users are advised to upgrade to 3.6.4 especially if they use Singularity mainly for building image as root user.

### Workarounds

There is no solid workaround except to temporarily avoid use of unprivileged mode with single file images, in favor of sandbox images instead. Regarding image build, temporarily avoid building from `library` and `shub` sources, and as much as possible use `--fakeroot` or a VM to limit potential impact.

### For more information

General questions about the impact of the advisory / changes made in the 3.6.0 release can be asked in the:

* [Singularity Slack Channel](https://bit.ly/2m0g3lX)
* [Singularity Mailing List](https://groups.google.com/a/lbl.gov/forum/??sdf%7Csort:date#!forum/singularity)

Any sensitive security concerns should be directed to: security@sylabs.io

See our Security Policy here: https://sylabs.io/security-policy

Aliases

alias	CVE-2020-15229

alias	GHSA-7gcp-w6ww-2xv9

Fixed_packages

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/singularity@3.6.4-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.4-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid
purl	pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@3.9.5%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
purl	pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@4.1.5%252Bds4-1%3Fdistro=sid

Affected_packages

References

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00071.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00071.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00009.html

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00009.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-15229

reference_id

reference_type

scores

value	0.00876
scoring_system	epss
scoring_elements	0.75368
published_at	2026-04-24T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75278
published_at	2026-04-04T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75255
published_at	2026-04-07T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75298
published_at	2026-04-08T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75309
published_at	2026-04-09T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.7533
published_at	2026-04-11T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75308
published_at	2026-04-12T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75297
published_at	2026-04-13T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75336
published_at	2026-04-16T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75343
published_at	2026-04-18T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75333
published_at	2026-04-21T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75243
published_at	2026-04-01T12:55:00Z

value	0.00876
scoring_system	epss
scoring_elements	0.75246
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-15229

reference_url

https://github.com/hpcng/singularity/blob/v3.6.4/CHANGELOG.md#security-related-fixes

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hpcng/singularity/blob/v3.6.4/CHANGELOG.md#security-related-fixes

reference_url

https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hpcng/singularity/commit/eba3dea260b117198fdb6faf41f2482ab2f8d53e

reference_url

https://github.com/hpcng/singularity/pull/5611

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hpcng/singularity/pull/5611

reference_url

https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-15229

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-15229

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972212
reference_id	972212
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972212

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qz7w-3qvp-ykan

Vulnerability Instance