Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1y4y-wz8e-b7ap

Summary util-linux: arbitrary commands execution via the path parameter

Aliases

alias	CVE-2020-21583

Fixed_packages

url	pkg:deb/debian/util-linux@2.27-1?distro=trixie
purl	pkg:deb/debian/util-linux@2.27-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.27-1%3Fdistro=trixie

url pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1

purl pkg:deb/debian/util-linux@2.29.2-1%2Bdeb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.29.2-1%252Bdeb9u1

url pkg:deb/debian/util-linux@2.36.1-8%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/util-linux@2.36.1-8%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12wg-bxvc-4fch

vulnerability	VCID-7rr2-kub4-wffb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.36.1-8%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/util-linux@2.38.1-5%2Bdeb12u3?distro=trixie

purl pkg:deb/debian/util-linux@2.38.1-5%2Bdeb12u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12wg-bxvc-4fch

vulnerability	VCID-7rr2-kub4-wffb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.38.1-5%252Bdeb12u3%3Fdistro=trixie

url pkg:deb/debian/util-linux@2.41-5?distro=trixie

purl pkg:deb/debian/util-linux@2.41-5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-12wg-bxvc-4fch

vulnerability	VCID-7rr2-kub4-wffb

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.41-5%3Fdistro=trixie

url	pkg:deb/debian/util-linux@2.42-6?distro=trixie
purl	pkg:deb/debian/util-linux@2.42-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.42-6%3Fdistro=trixie

url	pkg:deb/debian/util-linux@2.42.1-1?distro=trixie
purl	pkg:deb/debian/util-linux@2.42.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.42.1-1%3Fdistro=trixie

url	pkg:deb/debian/util-linux@2.42.1-2?distro=trixie
purl	pkg:deb/debian/util-linux@2.42.1-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.42.1-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/util-linux@2.7.1-3

purl pkg:deb/debian/util-linux@2.7.1-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3cgb-jerk-2yeh

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-g6x1-5jmt-nufu

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-ugp9-rh6g-nucq

vulnerability	VCID-weba-b8x9-vyh5

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.7.1-3

url pkg:deb/debian/util-linux@2.9g-6

purl pkg:deb/debian/util-linux@2.9g-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3cgb-jerk-2yeh

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-g6x1-5jmt-nufu

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-ugp9-rh6g-nucq

vulnerability	VCID-weba-b8x9-vyh5

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.9g-6

url pkg:deb/debian/util-linux@2.10f-5.1

purl pkg:deb/debian/util-linux@2.10f-5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3cgb-jerk-2yeh

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-g6x1-5jmt-nufu

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-ugp9-rh6g-nucq

vulnerability	VCID-weba-b8x9-vyh5

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.10f-5.1

url pkg:deb/debian/util-linux@2.11n-7

purl pkg:deb/debian/util-linux@2.11n-7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3cgb-jerk-2yeh

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-g6x1-5jmt-nufu

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-weba-b8x9-vyh5

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.11n-7

url pkg:deb/debian/util-linux@2.12p-4sarge2

purl pkg:deb/debian/util-linux@2.12p-4sarge2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3cgb-jerk-2yeh

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-g6x1-5jmt-nufu

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-weba-b8x9-vyh5

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.12p-4sarge2

url pkg:deb/debian/util-linux@2.12r-19

purl pkg:deb/debian/util-linux@2.12r-19

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3cgb-jerk-2yeh

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-g6x1-5jmt-nufu

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.12r-19

url pkg:deb/debian/util-linux@2.12r-19etch1

purl pkg:deb/debian/util-linux@2.12r-19etch1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3cgb-jerk-2yeh

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-g6x1-5jmt-nufu

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.12r-19etch1

url pkg:deb/debian/util-linux@2.13.1.1-1

purl pkg:deb/debian/util-linux@2.13.1.1-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-dpqu-apb4-vbbb

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.13.1.1-1

url pkg:deb/debian/util-linux@2.17.2-9

purl pkg:deb/debian/util-linux@2.17.2-9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1fkf-pg88-67gm

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-8sfz-3j1k-9qdc

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.17.2-9

url pkg:deb/debian/util-linux@2.20.1-5.3

purl pkg:deb/debian/util-linux@2.20.1-5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-a48f-8j4j-c3c3

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-wfz4-43wd-2fgc

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.20.1-5.3

url pkg:deb/debian/util-linux@2.25.2-6

purl pkg:deb/debian/util-linux@2.25.2-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1y4y-wz8e-b7ap

vulnerability	VCID-3qrr-p9p3-9qh9

vulnerability	VCID-6mg5-v1v5-7fcm

vulnerability	VCID-atkm-qtr6-skbz

vulnerability	VCID-bfgu-fqvj-qua8

vulnerability	VCID-ev6y-u4sw-7ba7

vulnerability	VCID-jykg-cpvb-cbec

vulnerability	VCID-nwyr-pbu6-77hv

vulnerability	VCID-rn5d-2usk-8fdz

vulnerability	VCID-sahz-er9j-7fgd

vulnerability	VCID-yb5x-m5sw-6fga

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/util-linux@2.25.2-6

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-21583.json

reference_id

reference_type

scores

value	6.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-21583.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-21583

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11641
published_at	2026-06-04T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11604
published_at	2026-06-08T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11728
published_at	2026-06-05T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11722
published_at	2026-06-06T12:55:00Z

value	0.00038
scoring_system	epss
scoring_elements	0.11687
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-21583

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21583
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21583

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2238716
reference_id	2238716
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2238716

reference_url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804

reference_id

786804

reference_type

scores

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-07T15:19:58Z/

url

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786804

reference_url

https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html

reference_id

hwclock-Privilege-Escalation.html

reference_type

scores

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-07T15:19:58Z/

url

https://packetstormsecurity.com/files/132061/hwclock-Privilege-Escalation.html

Weaknesses

cwe_id	78
name	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description	The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

Exploits

Severity_range_score 6.4 - 8.4

Exploitability 0.5

Weighted_severity 5.8

Risk_score 2.9

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1y4y-wz8e-b7ap

Vulnerability Instance