VulnerableCode Package Details - pkg:rpm/redhat/ceph@2:12.2.12-139?arch=el7cp

Search for packages

Vulnerability	Summary	Fixed by
VCID-45eq-pv3j-2uh9 Aliases: CVE-2021-3139	tcmu-runner: SCSI target (LIO) write to any block on ILO backstore	There are no reported fixed by versions.
VCID-4mk7-e67u-zkgy Aliases: CVE-2020-27781	Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation.	There are no reported fixed by versions.
VCID-6kbn-psnc-q3cy Aliases: CVE-2020-12059	ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW	There are no reported fixed by versions.
VCID-j6nn-jkc5-k3f6 Aliases: CVE-2020-13379 GHSA-wc9w-wvq2-ffm9	Server Side Request Forgery in Grafana The avatar feature in Grafana (github.com/grafana/grafana/pkg/api/avatar) 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-45eq-pv3j-2uh9
Aliases:
CVE-2021-3139

tcmu-runner: SCSI target (LIO) write to any block on ILO backstore

There are no reported fixed by versions.

VCID-4mk7-e67u-zkgy
Aliases:
CVE-2020-27781

Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation.

There are no reported fixed by versions.

VCID-6kbn-psnc-q3cy
Aliases:
CVE-2020-12059

ceph: specially crafted XML payload on POST requests leads to DoS by crashing RGW

There are no reported fixed by versions.

VCID-j6nn-jkc5-k3f6
Aliases:
CVE-2020-13379
GHSA-wc9w-wvq2-ffm9

Server Side Request Forgery in Grafana The avatar feature in Grafana (github.com/grafana/grafana/pkg/api/avatar) 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue that allows remote code execution. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:09:12.062717+00:00	RedHat Importer	Affected by	VCID-6kbn-psnc-q3cy	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12059.json	38.0.0
2026-04-01T14:06:27.099365+00:00	RedHat Importer	Affected by	VCID-j6nn-jkc5-k3f6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13379.json	38.0.0
2026-04-01T14:03:38.450427+00:00	RedHat Importer	Affected by	VCID-4mk7-e67u-zkgy	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27781.json	38.0.0
2026-04-01T14:03:30.998463+00:00	RedHat Importer	Affected by	VCID-45eq-pv3j-2uh9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3139.json	38.0.0