Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-tgmf-r176-juce
Summary
Podman privilege escalation via a malicious image published to a public registry
Podman is a tool for managing OCI containers and pods. A privilege escalation flaw was found in Podman. An attacker can exploit it by publishing a malicious image to a public registry. Once a potential victim downloads this image, the vulnerability is triggered when a user runs the 'podman top' command. This gives the attacker access to the host filesystem, leading to information disclosure or denial of service. The fixed packages listed on this page include the psgo library (pkg:golang/github.com/containers/psgo@1.7.2) as well as Podman packages, so check both when verifying remediation.
Aliases
0
alias CVE-2022-1227
1
alias GHSA-66vw-v2x9-hw75
Fixed_packages
0
url pkg:apk/alpine/podman@3.4.7-r0?arch=ppc64le&distroversion=v3.15&reponame=community
purl pkg:apk/alpine/podman@3.4.7-r0?arch=ppc64le&distroversion=v3.15&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.7-r0%3Farch=ppc64le&distroversion=v3.15&reponame=community
1
url pkg:apk/alpine/podman@3.4.7-r0?arch=s390x&distroversion=v3.15&reponame=community
purl pkg:apk/alpine/podman@3.4.7-r0?arch=s390x&distroversion=v3.15&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.7-r0%3Farch=s390x&distroversion=v3.15&reponame=community
2
url pkg:apk/alpine/podman@3.4.7-r0?arch=x86_64&distroversion=v3.15&reponame=community
purl pkg:apk/alpine/podman@3.4.7-r0?arch=x86_64&distroversion=v3.15&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.7-r0%3Farch=x86_64&distroversion=v3.15&reponame=community
3
url pkg:apk/alpine/podman@3.4.7-r0?arch=aarch64&distroversion=v3.15&reponame=community
purl pkg:apk/alpine/podman@3.4.7-r0?arch=aarch64&distroversion=v3.15&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.7-r0%3Farch=aarch64&distroversion=v3.15&reponame=community
4
url pkg:apk/alpine/podman@3.4.7-r0?arch=armhf&distroversion=v3.15&reponame=community
purl pkg:apk/alpine/podman@3.4.7-r0?arch=armhf&distroversion=v3.15&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.7-r0%3Farch=armhf&distroversion=v3.15&reponame=community
5
url pkg:apk/alpine/podman@3.4.7-r0?arch=armv7&distroversion=v3.15&reponame=community
purl pkg:apk/alpine/podman@3.4.7-r0?arch=armv7&distroversion=v3.15&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.7-r0%3Farch=armv7&distroversion=v3.15&reponame=community
6
url pkg:apk/alpine/podman@3.4.7-r0?arch=x86&distroversion=v3.15&reponame=community
purl pkg:apk/alpine/podman@3.4.7-r0?arch=x86&distroversion=v3.15&reponame=community
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:apk/alpine/podman@3.4.7-r0%3Farch=x86&distroversion=v3.15&reponame=community
7
url pkg:deb/debian/golang-github-containers-psgo@1.5.2-1%2Bdeb11u1?distro=trixie
purl pkg:deb/debian/golang-github-containers-psgo@1.5.2-1%2Bdeb11u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-psgo@1.5.2-1%252Bdeb11u1%3Fdistro=trixie
8
url pkg:deb/debian/golang-github-containers-psgo@1.7.1%2Bds1-1?distro=trixie
purl pkg:deb/debian/golang-github-containers-psgo@1.7.1%2Bds1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-psgo@1.7.1%252Bds1-1%3Fdistro=trixie
9
url pkg:deb/debian/golang-github-containers-psgo@1.9.0-1?distro=trixie
purl pkg:deb/debian/golang-github-containers-psgo@1.9.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-psgo@1.9.0-1%3Fdistro=trixie
10
url pkg:deb/debian/golang-github-containers-psgo@1.10.0%2Bds1-2?distro=trixie
purl pkg:deb/debian/golang-github-containers-psgo@1.10.0%2Bds1-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-containers-psgo@1.10.0%252Bds1-2%3Fdistro=trixie
11
url pkg:deb/debian/libpod@3.0.1%2Bdfsg1-3%2Bdeb11u2?distro=bullseye
purl pkg:deb/debian/libpod@3.0.1%2Bdfsg1-3%2Bdeb11u2?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpod@3.0.1%252Bdfsg1-3%252Bdeb11u2%3Fdistro=bullseye
12
url pkg:deb/debian/libpod@3.0.1%2Bdfsg1-3%2Bdeb11u5?distro=bullseye
purl pkg:deb/debian/libpod@3.0.1%2Bdfsg1-3%2Bdeb11u5?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpod@3.0.1%252Bdfsg1-3%252Bdeb11u5%3Fdistro=bullseye
13
url pkg:deb/debian/libpod@3.4.7%2Bds1-1?distro=bullseye
purl pkg:deb/debian/libpod@3.4.7%2Bds1-1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpod@3.4.7%252Bds1-1%3Fdistro=bullseye
14
url pkg:deb/debian/libpod@4.3.1%2Bds1-8%2Bdeb12u1?distro=bullseye
purl pkg:deb/debian/libpod@4.3.1%2Bds1-8%2Bdeb12u1?distro=bullseye
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpod@4.3.1%252Bds1-8%252Bdeb12u1%3Fdistro=bullseye
15
url pkg:golang/github.com/containers/psgo@1.7.2
purl pkg:golang/github.com/containers/psgo@1.7.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containers/psgo@1.7.2
16
url pkg:golang/github.com/containers/podman/v3@3.4.0
purl pkg:golang/github.com/containers/podman/v3@3.4.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/containers/podman/v3@3.4.0
Affected_packages
0
url pkg:rpm/redhat/podman@1.6.4-32?arch=el7_9
purl pkg:rpm/redhat/podman@1.6.4-32?arch=el7_9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tgmf-r176-juce
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@1.6.4-32%3Farch=el7_9
1
url pkg:rpm/redhat/podman@1.9.3-5.rhaos4.6?arch=el8
purl pkg:rpm/redhat/podman@1.9.3-5.rhaos4.6?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tgmf-r176-juce
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@1.9.3-5.rhaos4.6%3Farch=el8
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1227.json
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1227.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-1227
reference_id
reference_type
scores
0
value 0.33719
scoring_system epss
scoring_elements 0.96961
published_at 2026-04-21T12:55:00Z
1
value 0.33719
scoring_system epss
scoring_elements 0.96958
published_at 2026-04-18T12:55:00Z
2
value 0.33719
scoring_system epss
scoring_elements 0.96954
published_at 2026-04-16T12:55:00Z
3
value 0.33719
scoring_system epss
scoring_elements 0.96941
published_at 2026-04-08T12:55:00Z
4
value 0.33719
scoring_system epss
scoring_elements 0.96947
published_at 2026-04-13T12:55:00Z
5
value 0.33719
scoring_system epss
scoring_elements 0.96946
published_at 2026-04-12T12:55:00Z
6
value 0.33719
scoring_system epss
scoring_elements 0.96945
published_at 2026-04-11T12:55:00Z
7
value 0.33719
scoring_system epss
scoring_elements 0.96943
published_at 2026-04-09T12:55:00Z
8
value 0.33719
scoring_system epss
scoring_elements 0.96932
published_at 2026-04-07T12:55:00Z
9
value 0.33719
scoring_system epss
scoring_elements 0.96929
published_at 2026-04-04T12:55:00Z
10
value 0.33719
scoring_system epss
scoring_elements 0.96924
published_at 2026-04-02T12:55:00Z
11
value 0.33719
scoring_system epss
scoring_elements 0.96916
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-1227
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2070368
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2070368
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1227
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1227
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://github.com/containers/podman
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman
6
reference_url https://github.com/containers/podman/issues/10941
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman/issues/10941
7
reference_url https://github.com/containers/podman/pull/13862
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman/pull/13862
8
reference_url https://github.com/containers/podman/pull/13862/commits/79a3e149c10f74db4cebff624287385c90179d09
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containers/podman/pull/13862/commits/79a3e149c10f74db4cebff624287385c90179d09
9
reference_url https://github.com/containers/psgo/pull/92
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/containers/psgo/pull/92
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-1227
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-1227
13
reference_url https://pkg.go.dev/vuln/GO-2022-0558
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://pkg.go.dev/vuln/GO-2022-0558
14
reference_url https://security.netapp.com/advisory/ntap-20240628-0001
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240628-0001
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020907
reference_id 1020907
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020907
16
reference_url https://access.redhat.com/errata/RHSA-2022:1762
reference_id RHSA-2022:1762
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1762
17
reference_url https://access.redhat.com/errata/RHSA-2022:2143
reference_id RHSA-2022:2143
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2143
18
reference_url https://access.redhat.com/errata/RHSA-2022:2190
reference_id RHSA-2022:2190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2190
19
reference_url https://access.redhat.com/errata/RHSA-2022:2263
reference_id RHSA-2022:2263
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2263
20
reference_url https://access.redhat.com/errata/RHSA-2022:4651
reference_id RHSA-2022:4651
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4651
21
reference_url https://access.redhat.com/errata/RHSA-2022:4816
reference_id RHSA-2022:4816
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4816
22
reference_url https://access.redhat.com/errata/RHSA-2022:5622
reference_id RHSA-2022:5622
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5622
Weaknesses
0
cwe_id 269
name Improper Privilege Management
description The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
1
cwe_id 281
name Improper Preservation of Permissions
description The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgmf-r176-juce