Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vu3k-upyc-x7av

Summary

Potential proxy IP restriction bypass in Kubernetes
As mitigations to a report from 2019 and CVE-2020-8555, Kubernetes attempts to prevent proxied connections from accessing link-local or localhost networks when making user-driven connections to Services, Pods, Nodes, or StorageClass service providers. As part of this mitigation Kubernetes does a DNS name resolution check and validates that response IPs are not in the link-local (169.254.0.0/16) or localhost (127.0.0.0/8) range. Kubernetes then performs a second DNS resolution without validation for the actual connection. If a non-standard DNS server returns different non-cached responses, a user may be able to bypass the proxy IP restriction and access private networks on the control plane. All versions of Kubernetes are impacted, and there is no fix in place.

Aliases

alias	CVE-2020-8562

alias	GHSA-qh36-44jv-c8xj

Fixed_packages

url pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie

purl pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42kp-8t9h-dfat

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1%3Fdistro=trixie

url	pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
purl	pkg:deb/debian/kubernetes@1.20.5%2Breally1.20.2-1.1%2Bdeb12u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.20.5%252Breally1.20.2-1.1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
purl	pkg:deb/debian/kubernetes@1.32.3%2Bds-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.32.3%252Bds-2%3Fdistro=trixie

url	pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
purl	pkg:deb/debian/kubernetes@1.33.4%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/kubernetes@1.33.4%252Bds-1%3Fdistro=trixie

Affected_packages

url pkg:alpm/archlinux/kube-proxy@1.23.0-1

purl pkg:alpm/archlinux/kube-proxy@1.23.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4qqj-251q-ykek

vulnerability	VCID-vu3k-upyc-x7av

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/kube-proxy@1.23.0-1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8562.json

reference_id

reference_type

scores

value	2.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8562.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8562

reference_id

reference_type

scores

value	0.00057
scoring_system	epss
scoring_elements	0.1773
published_at	2026-04-24T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17822
published_at	2026-04-21T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17784
published_at	2026-04-18T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17775
published_at	2026-04-16T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17833
published_at	2026-04-13T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17882
published_at	2026-04-12T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17926
published_at	2026-04-11T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.1791
published_at	2026-04-09T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.1785
published_at	2026-04-08T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17762
published_at	2026-04-07T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18008
published_at	2026-04-02T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.17847
published_at	2026-04-01T12:55:00Z

value	0.00057
scoring_system	epss
scoring_elements	0.18062
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8562

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8562
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8562

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/kubernetes/kubernetes

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/kubernetes/kubernetes

reference_url

https://github.com/kubernetes/kubernetes/issues/101493

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/kubernetes/kubernetes/issues/101493

reference_url

https://github.com/kubernetes/kubernetes/issues/101493#issuecomment-2272095629

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/kubernetes/kubernetes/issues/101493#issuecomment-2272095629

reference_url

https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://groups.google.com/g/kubernetes-security-announce/c/-MFX60_wdOY

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8562

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8562

reference_url

https://security.netapp.com/advisory/ntap-20220225-0002

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220225-0002

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1954914
reference_id	1954914
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1954914

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793
reference_id	990793
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990793

reference_url

https://security.archlinux.org/AVG-1915

reference_id

AVG-1915

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1915

Weaknesses

cwe_id	367
name	Time-of-check Time-of-use (TOCTOU) Race Condition
description	The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

Exploits

Severity_range_score 0.1 - 3.1

Exploitability 0.5

Weighted_severity 2.8

Risk_score 1.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vu3k-upyc-x7av

Vulnerability Instance