Look up vulnerabilities affecting packages.

Vulnerability_id VCID-vj7p-66bc-7yam
Summary
Symlink Attack in kubectl cp
The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar archive inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. This is possible because the untar function can both create and follow symbolic links, so an extracted entry can resolve to a location outside the intended destination directory. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.
Aliases
0
alias CVE-2019-1002101
1
alias GHSA-34jx-wx69-9x8v
Fixed_packages
0
url pkg:deb/debian/kubernetes@0?distro=trixie
purl pkg:deb/debian/kubernetes@0?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@0%3Fdistro=trixie
1
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-42kp-8t9h-dfat
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie
2
url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie
3
url pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie
4
url pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie
5
url pkg:golang/k8s.io/kubernetes@1.11.9
purl pkg:golang/k8s.io/kubernetes@1.11.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.11.9
6
url pkg:golang/k8s.io/kubernetes@1.12.7
purl pkg:golang/k8s.io/kubernetes@1.12.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.12.7
7
url pkg:golang/k8s.io/kubernetes@1.13.5
purl pkg:golang/k8s.io/kubernetes@1.13.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/k8s.io/kubernetes@1.13.5
Affected_packages
0
url pkg:rpm/redhat/ansible-service-broker@1.1.20-1?arch=el7
purl pkg:rpm/redhat/ansible-service-broker@1.1.20-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ansible-service-broker@1.1.20-1%3Farch=el7
1
url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.127-1.git.55.b54f8c7?arch=el7
purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.127-1.git.55.b54f8c7?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.10.127-1.git.55.b54f8c7%3Farch=el7
2
url pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.98-1.git.0.a7877b0?arch=el7
purl pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.98-1.git.0.a7877b0?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-enterprise-service-catalog@1:3.11.98-1.git.0.a7877b0%3Farch=el7
3
url pkg:rpm/redhat/atomic-openshift@3.9.74-1.git.0.78e56ea?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.9.74-1.git.0.78e56ea?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.9.74-1.git.0.78e56ea%3Farch=el7
4
url pkg:rpm/redhat/atomic-openshift@3.10.127-1.git.0.dab74c6?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.10.127-1.git.0.dab74c6?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.10.127-1.git.0.dab74c6%3Farch=el7
5
url pkg:rpm/redhat/atomic-openshift@3.11.98-1.git.0.0cbaff3?arch=el7
purl pkg:rpm/redhat/atomic-openshift@3.11.98-1.git.0.0cbaff3?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift@3.11.98-1.git.0.0cbaff3%3Farch=el7
6
url pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.98-1.git.0.3b82207?arch=el7
purl pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.98-1.git.0.3b82207?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.98-1.git.0.3b82207%3Farch=el7
7
url pkg:rpm/redhat/atomic-openshift-descheduler@3.10.127-1.git.153.bc1eddd?arch=el7
purl pkg:rpm/redhat/atomic-openshift-descheduler@3.10.127-1.git.153.bc1eddd?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.10.127-1.git.153.bc1eddd%3Farch=el7
8
url pkg:rpm/redhat/atomic-openshift-descheduler@3.11.98-1.git.153.6c2426d?arch=el7
purl pkg:rpm/redhat/atomic-openshift-descheduler@3.11.98-1.git.153.6c2426d?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-descheduler@3.11.98-1.git.153.6c2426d%3Farch=el7
9
url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.74-1.git.0.b102e93?arch=el7
purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.74-1.git.0.b102e93?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.9.74-1.git.0.b102e93%3Farch=el7
10
url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.127-1.git.0.f8aa6dd?arch=el7
purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.127-1.git.0.f8aa6dd?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.10.127-1.git.0.f8aa6dd%3Farch=el7
11
url pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.98-1.git.0.27979f1?arch=el7
purl pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.98-1.git.0.27979f1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.98-1.git.0.27979f1%3Farch=el7
12
url pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.98-1.git.52.0623d01?arch=el7
purl pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.98-1.git.52.0623d01?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.98-1.git.52.0623d01%3Farch=el7
13
url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.127-1.git.0.4f5519b?arch=el7
purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.127-1.git.0.4f5519b?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.10.127-1.git.0.4f5519b%3Farch=el7
14
url pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.98-1.git.0.83348c7?arch=el7
purl pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.98-1.git.0.83348c7?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.98-1.git.0.83348c7%3Farch=el7
15
url pkg:rpm/redhat/atomic-openshift-service-idler@3.11.98-1.git.14.1793066?arch=el7
purl pkg:rpm/redhat/atomic-openshift-service-idler@3.11.98-1.git.14.1793066?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-service-idler@3.11.98-1.git.14.1793066%3Farch=el7
16
url pkg:rpm/redhat/atomic-openshift-web-console@3.9.74-1.git.50.93129da?arch=el7
purl pkg:rpm/redhat/atomic-openshift-web-console@3.9.74-1.git.50.93129da?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.9.74-1.git.50.93129da%3Farch=el7
17
url pkg:rpm/redhat/atomic-openshift-web-console@3.10.127-1.git.50.eab7949?arch=el7
purl pkg:rpm/redhat/atomic-openshift-web-console@3.10.127-1.git.50.eab7949?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.10.127-1.git.50.eab7949%3Farch=el7
18
url pkg:rpm/redhat/atomic-openshift-web-console@3.11.98-1.git.50.bd70c76?arch=el7
purl pkg:rpm/redhat/atomic-openshift-web-console@3.11.98-1.git.50.bd70c76?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/atomic-openshift-web-console@3.11.98-1.git.50.bd70c76%3Farch=el7
19
url pkg:rpm/redhat/cri-o@1.9.16-1.git78b2041?arch=el7
purl pkg:rpm/redhat/cri-o@1.9.16-1.git78b2041?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cri-o@1.9.16-1.git78b2041%3Farch=el7
20
url pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.98-1.git.0.fd9716c?arch=el7
purl pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.98-1.git.0.fd9716c?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.98-1.git.0.fd9716c%3Farch=el7
21
url pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.98-1.git.92.7ebe477?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.98-1.git.92.7ebe477?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.98-1.git.92.7ebe477%3Farch=el7
22
url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.74-1.git.0.2ab615c?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.74-1.git.0.2ab615c?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.9.74-1.git.0.2ab615c%3Farch=el7
23
url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.127-1.git.0.8ebe819?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.127-1.git.0.8ebe819?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.10.127-1.git.0.8ebe819%3Farch=el7
24
url pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.98-1.git.0.b02f11c?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.98-1.git.0.b02f11c?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.98-1.git.0.b02f11c%3Farch=el7
25
url pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.98-1.git.0.61907ad?arch=el7
purl pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.98-1.git.0.61907ad?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.98-1.git.0.61907ad%3Farch=el7
26
url pkg:rpm/redhat/openshift-ansible@3.9.74-1.git.0.70a0a63?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.9.74-1.git.0.70a0a63?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.9.74-1.git.0.70a0a63%3Farch=el7
27
url pkg:rpm/redhat/openshift-ansible@3.10.127-1.git.0.131da09?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.10.127-1.git.0.131da09?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.10.127-1.git.0.131da09%3Farch=el7
28
url pkg:rpm/redhat/openshift-ansible@3.11.98-1.git.0.3cfa7c3?arch=el7
purl pkg:rpm/redhat/openshift-ansible@3.11.98-1.git.0.3cfa7c3?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-ansible@3.11.98-1.git.0.3cfa7c3%3Farch=el7
29
url pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.98-1.git.0.6737a19?arch=el7
purl pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.98-1.git.0.6737a19?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.98-1.git.0.6737a19%3Farch=el7
30
url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.127-1.git.0.44580c6?arch=el7
purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.127-1.git.0.44580c6?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.10.127-1.git.0.44580c6%3Farch=el7
31
url pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.98-1.git.0.deb9250?arch=el7
purl pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.98-1.git.0.deb9250?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.98-1.git.0.deb9250%3Farch=el7
32
url pkg:rpm/redhat/python-certifi@2018.4.16-2?arch=el7
purl pkg:rpm/redhat/python-certifi@2018.4.16-2?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-certifi@2018.4.16-2%3Farch=el7
33
url pkg:rpm/redhat/python-docker@2.4.2-2?arch=el7
purl pkg:rpm/redhat/python-docker@2.4.2-2?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-puq1-z5h7-pkdg
1
vulnerability VCID-rknj-nkgs-wyg2
2
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-docker@2.4.2-2%3Farch=el7
34
url pkg:rpm/redhat/python-libcloud@2.2.1-20180102gitd701bf9?arch=el7
purl pkg:rpm/redhat/python-libcloud@2.2.1-20180102gitd701bf9?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ep8y-hq9y-afcu
1
vulnerability VCID-vj7p-66bc-7yam
2
vulnerability VCID-vtvy-ec7a-xua9
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python-libcloud@2.2.1-20180102gitd701bf9%3Farch=el7
35
url pkg:rpm/redhat/rubygem-fluent-plugin-viaq_data_model@0.0.18-1?arch=el7
purl pkg:rpm/redhat/rubygem-fluent-plugin-viaq_data_model@0.0.18-1?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vj7p-66bc-7yam
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rubygem-fluent-plugin-viaq_data_model@0.0.18-1%3Farch=el7
References
0
reference_url https://access.redhat.com/errata/RHBA-2019:0619
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0619
1
reference_url https://access.redhat.com/errata/RHBA-2019:0620
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0620
2
reference_url https://access.redhat.com/errata/RHBA-2019:0636
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHBA-2019:0636
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1002101.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1002101.json
4
reference_url https://access.redhat.com/security/cve/cve-2019-1002101
reference_id
reference_type
scores
url https://access.redhat.com/security/cve/cve-2019-1002101
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-1002101
reference_id
reference_type
scores
0
value 0.49274
scoring_system epss
scoring_elements 0.97759
published_at 2026-04-01T12:55:00Z
1
value 0.49274
scoring_system epss
scoring_elements 0.97765
published_at 2026-04-02T12:55:00Z
2
value 0.49274
scoring_system epss
scoring_elements 0.97783
published_at 2026-04-13T12:55:00Z
3
value 0.49274
scoring_system epss
scoring_elements 0.97789
published_at 2026-04-16T12:55:00Z
4
value 0.49274
scoring_system epss
scoring_elements 0.97792
published_at 2026-04-18T12:55:00Z
5
value 0.49274
scoring_system epss
scoring_elements 0.9779
published_at 2026-04-21T12:55:00Z
6
value 0.49274
scoring_system epss
scoring_elements 0.97782
published_at 2026-04-12T12:55:00Z
7
value 0.49274
scoring_system epss
scoring_elements 0.9778
published_at 2026-04-11T12:55:00Z
8
value 0.49274
scoring_system epss
scoring_elements 0.97777
published_at 2026-04-09T12:55:00Z
9
value 0.49274
scoring_system epss
scoring_elements 0.97774
published_at 2026-04-08T12:55:00Z
10
value 0.49274
scoring_system epss
scoring_elements 0.97769
published_at 2026-04-07T12:55:00Z
11
value 0.49274
scoring_system epss
scoring_elements 0.97767
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-1002101
6
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
7
reference_url https://github.com/kubernetes/kubernetes/commit/47063891dd782835170f500a83f37cc98c3c1013
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/commit/47063891dd782835170f500a83f37cc98c3c1013
8
reference_url https://github.com/kubernetes/kubernetes/pull/75037
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/kubernetes/kubernetes/pull/75037
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F
13
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-1002101
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:N/I:P/A:P
1
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
2
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
3
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-1002101
14
reference_url https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101
15
reference_url https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
reference_id
reference_type
scores
url https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
16
reference_url http://www.openwall.com/lists/oss-security/2019/06/21/1
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/06/21/1
17
reference_url http://www.openwall.com/lists/oss-security/2019/08/05/5
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2019/08/05/5
18
reference_url http://www.securityfocus.com/bid/107652
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/bid/107652
19
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1685213
reference_id 1685213
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1685213
20
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*
21
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:1.14.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:kubernetes:kubernetes:1.14.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kubernetes:kubernetes:1.14.0:*:*:*:*:*:*:*
22
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.10:*:*:*:*:*:*:*
23
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*
24
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_id cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.9:*:*:*:*:*:*:*
Weaknesses
0
cwe_id 59
name Improper Link Resolution Before File Access ('Link Following')
description The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7p-66bc-7yam