Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-avqu-wswg-c3ga

Summary

Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.

Thanks to Steven Murdoch for reporting this issue.

----

### Impact

If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.

### Patches

This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available.

### Workarounds

This problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead by calling `ENTRYPOINT ["su", "-", "user"]` the supplementary groups will be set up properly.

### References

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/

### For more information

If you have any questions or comments about this advisory:

* [Open an issue](https://github.com/moby/moby/issues/new)
* Email us at [security@docker.com](mailto:security@docker.com)

Aliases

alias	CVE-2022-36109

alias	GHSA-rc4r-wh2q-q6c4

Fixed_packages

url	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=edge&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=edge&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=edge&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.16&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.16&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.16&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.22&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.22&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.22&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.23&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.23&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.23&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.17&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.17&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.17&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.20&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.20&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.20&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.21&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.21&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.18&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.18&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community

url	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.19&reponame=community
purl	pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.19&reponame=community
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.19&reponame=community

url	pkg:deb/debian/docker.io@20.10.19%2Bdfsg1-1?distro=trixie
purl	pkg:deb/debian/docker.io@20.10.19%2Bdfsg1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.19%252Bdfsg1-1%3Fdistro=trixie

url	pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
purl	pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1

url pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-njcw-wc13-dqcz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
purl	pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie

url	pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
purl	pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie

url	pkg:ebuild/app-containers/docker@25.0.4
purl	pkg:ebuild/app-containers/docker@25.0.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4

Affected_packages

url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-avqu-wswg-c3ga

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-bzeb-kj67-vfds

vulnerability	VCID-e82r-vc77-f7bz

vulnerability	VCID-njcw-wc13-dqcz

vulnerability	VCID-quyf-eq2s-dbda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2

purl pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1sky-21r5-3qcu

vulnerability	VCID-41ft-14gt-bbbq

vulnerability	VCID-6tg9-3vhh-muae

vulnerability	VCID-8e1u-z6kg-ryhc

vulnerability	VCID-avqu-wswg-c3ga

vulnerability	VCID-b2qe-8u58-2qck

vulnerability	VCID-bzeb-kj67-vfds

vulnerability	VCID-e82r-vc77-f7bz

vulnerability	VCID-njcw-wc13-dqcz

vulnerability	VCID-quyf-eq2s-dbda

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-36109

reference_id

reference_type

scores

value	0.00041
scoring_system	epss
scoring_elements	0.12421
published_at	2026-04-21T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.1231
published_at	2026-04-18T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12309
published_at	2026-04-16T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12409
published_at	2026-04-13T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12449
published_at	2026-04-12T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12487
published_at	2026-04-11T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12514
published_at	2026-04-09T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12576
published_at	2026-04-04T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12533
published_at	2026-04-02T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12464
published_at	2026-04-08T12:55:00Z

value	0.00041
scoring_system	epss
scoring_elements	0.12384
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-36109

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/moby/moby

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moby/moby

reference_url

https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/

url

https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32

reference_url

https://github.com/moby/moby/releases/tag/v20.10.18

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/

url

https://github.com/moby/moby/releases/tag/v20.10.18

reference_url

https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/

url

https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-36109

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-36109

reference_url

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/

url

https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601
reference_id	1019601
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2127290
reference_id	2127290
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2127290

reference_url	https://security.gentoo.org/glsa/202409-29
reference_id	GLSA-202409-29
reference_type
scores
url	https://security.gentoo.org/glsa/202409-29

Weaknesses

cwe_id	863
name	Incorrect Authorization
description	The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-avqu-wswg-c3ga

Vulnerability Instance