VulnerableCode Package Details - pkg:rpm/redhat/podman@1.6.4-26?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-ckg3-5czq-t7ek Aliases: CVE-2020-14370 GHSA-c3wv-qmjj-45r6	Information disclosure in podman An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.	There are no reported fixed by versions.
VCID-n82z-sfd6-x3af Aliases: CVE-2020-14040 GHSA-5rcv-m4m3-hfh7	golang.org/x/text Infinite loop Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. ### Specific Go Packages Affected golang.org/x/text/encoding/unicode golang.org/x/text/transform	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-ckg3-5czq-t7ek
Aliases:
CVE-2020-14370
GHSA-c3wv-qmjj-45r6

Information disclosure in podman An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.

There are no reported fixed by versions.

VCID-n82z-sfd6-x3af
Aliases:
CVE-2020-14040
GHSA-5rcv-m4m3-hfh7

golang.org/x/text Infinite loop Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String. ### Specific Go Packages Affected golang.org/x/text/encoding/unicode golang.org/x/text/transform

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:06:08.776762+00:00	RedHat Importer	Affected by	VCID-n82z-sfd6-x3af	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14040.json	38.0.0
2026-04-01T14:04:25.666134+00:00	RedHat Importer	Affected by	VCID-ckg3-5czq-t7ek	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14370.json	38.0.0

2026-04-01T14:06:08.776762+00:00

RedHat Importer

Affected by

VCID-n82z-sfd6-x3af

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14040.json

38.0.0

2026-04-01T14:04:25.666134+00:00

RedHat Importer

Affected by

VCID-ckg3-5czq-t7ek

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14370.json

38.0.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0