VulnerableCode Package Details - pkg:alpm/archlinux/podman@3.4.4-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-e4bk-d465-juhk	Clarify Content-Type handling ### Impact In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. ### Patches The OCI Distribution Specification will be updated to require that a `mediaType` value present in a manifest or index match the Content-Type header used during the push and pull operations. ### Workarounds Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields. ### References https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/opencontainers/distribution-spec/ * Email us at security@opencontainers.org	CVE-2021-41190 GHSA-mc8v-mgrf-8f4m
VCID-mzjw-b6mh-nugs	Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.	CVE-2021-4024 GHSA-3cf2-x423-x582

Vulnerability

Summary

Aliases

VCID-e4bk-d465-juhk

Clarify Content-Type handling ### Impact In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. ### Patches The OCI Distribution Specification will be updated to require that a `mediaType` value present in a manifest or index match the Content-Type header used during the push and pull operations. ### Workarounds Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields. ### References https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/opencontainers/distribution-spec/ * Email us at security@opencontainers.org

CVE-2021-41190
GHSA-mc8v-mgrf-8f4m

VCID-mzjw-b6mh-nugs

Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman A flaw was found in podman. The `podman machine` function (used to create and manage Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could be also used to interrupt the host's services by forwarding all ports to the VM.

CVE-2021-4024
GHSA-3cf2-x423-x582

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:28.471185+00:00	Arch Linux Importer	Fixing	VCID-mzjw-b6mh-nugs	https://security.archlinux.org/AVG-2591	38.0.0
2026-04-01T18:26:28.443716+00:00	Arch Linux Importer	Fixing	VCID-e4bk-d465-juhk	https://security.archlinux.org/AVG-2591	38.0.0

2026-04-01T18:26:28.471185+00:00

Arch Linux Importer

Fixing

VCID-mzjw-b6mh-nugs

https://security.archlinux.org/AVG-2591

38.0.0

2026-04-01T18:26:28.443716+00:00

Arch Linux Importer

Fixing

VCID-e4bk-d465-juhk

https://security.archlinux.org/AVG-2591

38.0.0