Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-45eq-pv3j-2uh9

Summary tcmu-runner: SCSI target (LIO) write to any block on ILO backstore

Aliases

alias	CVE-2021-3139

Fixed_packages

url	pkg:deb/debian/tcmu@1.5.2-6?distro=trixie
purl	pkg:deb/debian/tcmu@1.5.2-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tcmu@1.5.2-6%3Fdistro=trixie

url	pkg:deb/debian/tcmu@1.5.4-4.1?distro=trixie
purl	pkg:deb/debian/tcmu@1.5.4-4.1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tcmu@1.5.4-4.1%3Fdistro=trixie

url	pkg:deb/debian/tcmu@1.5.4-9?distro=trixie
purl	pkg:deb/debian/tcmu@1.5.4-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tcmu@1.5.4-9%3Fdistro=trixie

url	pkg:deb/debian/tcmu@1.5.4-10?distro=trixie
purl	pkg:deb/debian/tcmu@1.5.4-10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/tcmu@1.5.4-10%3Fdistro=trixie

Affected_packages

url pkg:rpm/redhat/ceph@2:12.2.12-139?arch=el7cp

purl pkg:rpm/redhat/ceph@2:12.2.12-139?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-j6nn-jkc5-k3f6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:12.2.12-139%3Farch=el7cp

url pkg:rpm/redhat/ceph@2:14.2.11-147?arch=el7cp

purl pkg:rpm/redhat/ceph@2:14.2.11-147?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-7k2s-fmzx-a3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph@2:14.2.11-147%3Farch=el7cp

url pkg:rpm/redhat/ceph-ansible@3.2.56-1?arch=el7cp

purl pkg:rpm/redhat/ceph-ansible@3.2.56-1?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-j6nn-jkc5-k3f6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph-ansible@3.2.56-1%3Farch=el7cp

url pkg:rpm/redhat/ceph-ansible@4.0.49.2-1?arch=el7cp

purl pkg:rpm/redhat/ceph-ansible@4.0.49.2-1?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-7k2s-fmzx-a3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ceph-ansible@4.0.49.2-1%3Farch=el7cp

url pkg:rpm/redhat/cephmetrics@2.0.10-1?arch=el7cp

purl pkg:rpm/redhat/cephmetrics@2.0.10-1?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-j6nn-jkc5-k3f6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/cephmetrics@2.0.10-1%3Farch=el7cp

url pkg:rpm/redhat/gperftools@2.6.3-3?arch=el8cp

purl pkg:rpm/redhat/gperftools@2.6.3-3?arch=el8cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-7k2s-fmzx-a3d8

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/gperftools@2.6.3-3%3Farch=el8cp

url pkg:rpm/redhat/grafana@5.2.4-3?arch=el7cp

purl pkg:rpm/redhat/grafana@5.2.4-3?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-j6nn-jkc5-k3f6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/grafana@5.2.4-3%3Farch=el7cp

url pkg:rpm/redhat/tcmu-runner@1.4.0-3?arch=el7cp

purl pkg:rpm/redhat/tcmu-runner@1.4.0-3?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

vulnerability	VCID-4mk7-e67u-zkgy

vulnerability	VCID-6kbn-psnc-q3cy

vulnerability	VCID-j6nn-jkc5-k3f6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tcmu-runner@1.4.0-3%3Farch=el7cp

url pkg:rpm/redhat/tcmu-runner@1.5.2-2?arch=el7cp

purl pkg:rpm/redhat/tcmu-runner@1.5.2-2?arch=el7cp

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-45eq-pv3j-2uh9

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/tcmu-runner@1.5.2-2%3Farch=el7cp

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3139.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3139.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-3139

reference_id

reference_type

scores

value	0.00912
scoring_system	epss
scoring_elements	0.7579
published_at	2026-04-01T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75793
published_at	2026-04-02T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75825
published_at	2026-04-04T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75804
published_at	2026-04-07T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75836
published_at	2026-04-08T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75848
published_at	2026-04-09T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75872
published_at	2026-04-11T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75853
published_at	2026-04-12T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75847
published_at	2026-04-13T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75884
published_at	2026-04-16T12:55:00Z

value	0.00912
scoring_system	epss
scoring_elements	0.75887
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-3139

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3139
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3139

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1916045
reference_id	1916045
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1916045

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980007
reference_id	980007
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980007

reference_url	https://access.redhat.com/errata/RHSA-2021:1452
reference_id	RHSA-2021:1452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1452

reference_url	https://access.redhat.com/errata/RHSA-2021:1518
reference_id	RHSA-2021:1518
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1518

reference_url	https://usn.ubuntu.com/4707-1/
reference_id	USN-4707-1
reference_type
scores
url	https://usn.ubuntu.com/4707-1/

Weaknesses

cwe_id	20
name	Improper Input Validation
description	The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Exploits

Severity_range_score 8.1 - 8.1

Exploitability 0.5

Weighted_severity 7.3

Risk_score 3.6

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45eq-pv3j-2uh9

Vulnerability Instance