{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","type":"deb","namespace":"debian","name":"docker.io","version":"20.10.5+dfsg1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"20.10.24+dfsg1-1","latest_non_vulnerable_version":"26.1.5+dfsg1-9","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18277?format=json","vulnerability_id":"VCID-3eju-5upk-auhy","summary":"`docker cp` allows unexpected chmod of host files in Moby Docker Engine\n## Impact\nA bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.\n\n## Patches\nThis bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. 
Running containers do not need to be restarted.\n\n## Workarounds\nEnsure you only run trusted containers.\n\n## Credits\nThe Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41089","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08644","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08679","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08651","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0873","published_at":"202
6-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08715","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08744","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08756","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0871","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08714","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41089"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","sco
ring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-410
89","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41089"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-2913","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2024-2913"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008592","reference_id":"2008592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008592"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://usn.ubuntu.com/5103-1/","reference_id":"USN-5103-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5103-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582636?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url
":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2"}],"aliases":["CVE-2021-41089","GHSA-v994-f8vw-g7j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18133?format=json","vulnerability_id":"VCID-41ft-14gt-bbbq","summary":"Authz zero length regression\nA security vulnerability has been detected in certain versions of Docker Engine, which could allow an attacker to bypass [authorization plugins (AuthZ)](https://docs.docker.com/engine/extend/plugins_authorization/) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.\n\n### Impact\n\nUsing a specially-crafted API request, an Engine API client could make the daemon forward the request or response to an [authorization plugin](https://docs.docker.com/engine/extend/plugins_authorization/) without the body. In certain circumstances, the authorization plugin may allow a request which it would have otherwise denied if the body had been forwarded to it.\n\n\nA security issue was discovered in 2018, where an attacker could bypass AuthZ plugins using a specially crafted API request. This could lead to unauthorized actions, including privilege escalation. Although this issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019, the fix was not carried forward to later major versions, resulting in a regression. 
Anyone who depends on authorization plugins that introspect the request and/or response body to make access control decisions is potentially impacted.\n\nDocker EE v19.03.x and all versions of Mirantis Container Runtime **are not vulnerable.**\n\n### Vulnerability details\n\n- **AuthZ bypass and privilege escalation:** An attacker could exploit a bypass using an API request with Content-Length set to 0, causing the Docker daemon to forward the request without the body to the AuthZ plugin, which might approve the request incorrectly.\n- **Initial fix:** The issue was fixed in Docker Engine [v18.09.1](https://docs.docker.com/engine/release-notes/18.09/#security-fixes-1) in January 2019.\n- **Regression:** The fix was not included in Docker Engine v19.03 or newer versions. This was identified in April 2024 and patches were released for the affected versions on July 23, 2024. The issue was assigned [CVE-2024-41110](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110).\n\n### Patches\n\n- docker-ce v27.1.1 contains patches to fix the vulnerability.\n- Patches have also been merged into the master, 19.0, 20.0, 23.0, 24.0, 25.0, 26.0, and 26.1 release branches.\n\n### Remediation steps\n\n- If you are running an affected version, update to the most recent patched version.\n- Mitigation if unable to update immediately:\n    - Avoid using AuthZ plugins.\n    - Restrict access to the Docker API to trusted parties, following the principle of least privilege.\n\n\n### References\n\n- https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb\n- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1\n- 
https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin/","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-41110.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41110","reference_id":"","reference_type":"","scores":[{"value":"0.03033","scoring_system":"epss","scoring_elements":"0.8669","published_at":"2026-04-24T12:55:00Z"},{"value":"0.03417","scoring_system":"epss","scoring_elements":"0.87459","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88497","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88517","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88501","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88486","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88487","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88494","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88484","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88478","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88459","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.88455","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04028","scoring_system":"epss","scoring_elements":"0.8844","published_at":"2026-04-02T12:55:00Z"},{"value":
"0.04128","scoring_system":"epss","scoring_elements":"0.88682","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41110"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191"},{"reference_url":"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd
2adf9e668eeb76","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76"},{"reference_url":"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919"},{"reference_url":"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"ge
neric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b"},{"reference_url":"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0"},{"reference_url":"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1"},{"reference_url":"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00"},{"reference_url":"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f"},{"reference_url":"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A
/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801"},{"reference_url":"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41110","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/S
A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41110"},{"reference_url":"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-26T03:55:30Z/"}],"url":"https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2299720","reference_id":"2299720","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2299720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3714","reference_id":"RHSA-2025:3714","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3714"},{"reference_url":"https://usn.ubuntu.com/7161-1/","reference_id":"USN-7161-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-1/"},{"reference_url":"https://usn.ubuntu.com/7161-2/","reference_id":"USN-7161-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-2/"},{"reference_url":"https://usn.ubuntu.com/7161-3/","reference_id":"USN-7161-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7161-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582637?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/
packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1"}],"aliases":["CVE-2024-41110","GHSA-v23v-6jw2-98fq"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-41ft-14gt-bbbq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18958?format=json","vulnerability_id":"VCID-bhju-575k-ebh3","summary":"Docker CLI leaks private registry credentials to registry-1.docker.io\n## Impact\n\nA bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry.\n\n## Patches\n\nThis bug has been fixed in Docker CLI 20.10.9.  Users should update to this version as soon as possible.\n\n## Workarounds\n\nEnsure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/docker/cli/issues/new/choose)\n* Email us at security@docker.com if you think you’ve found a security 
bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41092","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22666","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22766","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22772","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22778","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22948","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22991","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2307","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22925","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22923","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2305","published_at"
:"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23089","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41092"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b"},{"reference_url":"https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.
com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41092","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023449","reference_id":"2023449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292","reference_id":"998292","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"ar
chlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://usn.ubuntu.com/5134-1/","reference_id":"USN-5134-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5134-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582636?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2"}],"aliases":["CVE-2021-41092","GHSA-99pg-grm5-qq3v"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhju-575k-ebh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14446?format=json","vulnerability_id":"VCID-e9ng-x516-53cf","summary":"Moby (Docker Engine) Insufficiently restricted permissions on data directory\n## Impact\n\nA bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.  When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs.  
When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n## Patches\n\nThis bug has been fixed in Moby (Docker Engine) 20.10.9.  Users should update to this version as soon as possible.  Running containers should be stopped and restarted for the permissions to be fixed.\n\n## Workarounds\n\nLimit access to the host to trusted users.  Limit access to host volumes to trusted containers.\n\n## Credits\n\nThe Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41091","reference_id":"","reference_type":"","scores":[{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89467","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89438","published_at":"2026-04-21T12:55:00Z"},{"value":
"0.04746","scoring_system":"epss","scoring_elements":"0.89441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.8944","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.8943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90291","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90259","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90298","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90256","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41091"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"
value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"
,"reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41091","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023448","reference_id":"2023448","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023448"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582636?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packa
ges/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2"}],"aliases":["CVE-2021-41091","GHSA-3fwx-pjgw-3558"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39463?format=json","vulnerability_id":"VCID-6vru-hsfs-rufg","summary":"Multiple vulnerabilities have been found in containerd, the worst\n    of which could result in privilege escalation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15257.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15257","reference_id":"","reference_type":"","scores":[{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93514","published_at":"2026-05-05T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93442","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.9345","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93458","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93466","published_at":"2026-04-08T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.9347","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93475","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93495","published_at":"2026-04-16T12:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93501","published_at":"2026-04-18T1
2:55:00Z"},{"value":"0.11147","scoring_system":"epss","scoring_elements":"0.93506","published_at":"2026-04-29T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93803","published_at":"2026-04-26T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93802","published_at":"2026-04-21T12:55:00Z"},{"value":"0.11997","scoring_system":"epss","scoring_elements":"0.93806","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"
url":"https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.4.3","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.4.3"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15257","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15257"},{"reference_url":"https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_sy
stem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://research.nccgroup.com/2020/12/10/abstract-shimmer-cve-2020-15257-host-networking-is-root-equivalent-again"},{"reference_url":"https://security.gentoo.org/glsa/202105-33","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202105-33"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"5.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899487","reference_id":"1899487","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1899487"},{"reference_url":"https://security.archlinux.org/ASA-202012-8","reference_id":"ASA-202012-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-8"},{"reference_url":"https://security.archlinux.org/AVG-1309","reference_id":"AVG-1309","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1309"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2183","reference_id":"RHSA-2022:2183","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2183"},{"reference_url":"https://usn.ubuntu.com/4653-1/","reference_id":"USN-4653-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4653-1/"},{"reference_url":"https://usn.ubuntu.com/4653-2/","reference_id":"US
N-4653-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4653-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2020-15257","GHSA-36xw-fx78-c5r4"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vru-hsfs-rufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53011?format=json","vulnerability_id":"VCID-gbw6-3a59-mbhu","summary":"containerd v1.2.x can be coerced into leaking credentials during image pull\n## Impact\n\nIf a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a “foreign layer”), the default containerd resolver will follow that 
URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.\n\nIf an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account.\n\nThe default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it.\n\nThis vulnerability has been rated by the containerd maintainers as medium, with a CVSS score of 6.1 and a vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N.\n\n## Patches\n\nThis vulnerability has been fixed in containerd 1.2.14.  containerd 1.3 and later are not affected.\n\n## Workarounds\n\nIf you are using containerd 1.3 or later, you are not affected.  If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.  
Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.\n\n## Credits\n\nThe containerd maintainers would like to thank Brad Geesaman, Josh Larsen, Ian Coldwater, Duffie Cooley, and Rory McCune for responsibly disclosing this issue in accordance with the [containerd security policy](https://github.com/containerd/project/blob/master/SECURITY.md).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-15157.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15157","reference_id":"","reference_type":"","scores":[{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73705","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73575","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73584","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73608","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.7358","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73617","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73629","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73652","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73634","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73625","published_at":"2026-04-13T12:55:00Z"},{"value"
:"0.00777","scoring_system":"epss","scoring_elements":"0.73669","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73678","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.73712","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74887","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74851","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00846","scoring_system":"epss","scoring_elements":"0.74894","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://darkbit.io/blog/cve-2020-15157-containerdrip","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://darkbit.io/blog/cve-2020-15157-containerdrip"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference
_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/containerd/containerd","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd"},{"reference_url":"https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726"},{"reference_url":"https://github.com/containerd/containerd/releases/tag/v1.2.14","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/releases/tag/v1.2.14"},{"reference_url":"https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15157","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-15157"},{"reference_url":"https://usn.ubuntu.com/4589-1","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4589-1"},{"reference_url":"https://usn.ubuntu.com/4589-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4589-2"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888248","reference_id":"1888248","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888248"},{"reference_url":"https://usn.ubuntu.com/4589-1/","reference_id":"USN-4589-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4589-1/"},{"reference_url":"https://usn.ubuntu.com/4589-2/","reference_id":"USN-4589-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4589-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"V
CID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2020-15157","GHSA-742w-89gc-8m9c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbw6-3a59-mbhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14284?format=json","vulnerability_id":"VCID-gund-83cy-9fap","summary":"moby Access to remapped root allows privilege escalation to real root\n### Impact\n\nWhen using `--userns-remap`, if the root user in the remapped namespace has access to the host filesystem they can modify files under `/var/lib/docker/<remapping>` that cause writing files with extended privileges.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user.\n\n### Credits\n\nMaintainers would like to thank Alex Chapman for discovering the vulnerability; @awprice, @nathanburrell, @raulgomis, @chris-walz, @erin-jensby, @bassmatt, @mark-adams, @dbaxa for working on it and Zac Ellis for responsibly disclosing it to 
security@docker.com","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21284.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21284","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05595","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05312","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05354","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05426","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05448","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05422","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05357","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05518","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05555","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05592","published
_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0559","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"reference_url":"https://docs.docker.com/engine/release-notes/#20103","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes/#20103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"ge
neric_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c"},{"reference_url":"https://github.com/moby/moby/releases/tag/v19.03.15","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v19.03.15"},{"reference_url":"https://github.com/moby/moby/releases/tag/v20.10.3","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v20.10.3"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21284","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21284"},{"reference_url":"https://security.gentoo.org/glsa/202107-23","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-23"},{"reference_url":"https:
//security.netapp.com/advisory/ntap-20210226-0005","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210226-0005"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924740","reference_id":"1924740","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924740"},{"reference_url":"https://security.archlinux.org/ASA-202102-12","reference_id":"ASA-202102-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-12"},{"reference_url":"https://security.archlinux.org/AVG-1528","reference_id":"AVG-1528","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3
cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2021-21284","GHSA-7452-xqpj-6rpc"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gund-83cy-9fap"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49948?format=json","vulnerability_id":"VCID-h83p-v26k-s7fa","summary":"A flaw in Docker allowed possible information leakage.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13401","reference_id":"","reference_type":"","scores":[{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94076","published_at":"2026-05-05T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","s
coring_elements":"0.94007","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94017","published_at":"2026-04-02T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94027","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.9403","published_at":"2026-04-07T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94039","published_at":"2026-04-08T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94043","published_at":"2026-04-09T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94047","published_at":"2026-04-13T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94063","published_at":"2026-04-16T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94068","published_at":"2026-04-18T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.1287","scoring_system":"epss","scoring_elements":"0.94069","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13401"},{"reference_url":"https://docs.docker.com/engine/release-notes","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC
:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/docker-ce/releases/tag/v19.03.11","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/docker-ce/releases/tag/v19.03.11"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13401","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13401"},{"reference_url":"https://security.netapp.com/advisory/ntap-20200717-0002","reference_id":"","reference
_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20200717-0002"},{"reference_url":"https://www.debian.org/security/2020/dsa-4716","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4716"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/06/01/5","reference_id":"","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/06/01/5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833233","reference_id":"1833233","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1833233"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141","reference_id":"962141","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962141"},{"reference_url":"https://security.gentoo.org/glsa/202008-15","reference_id":"GLSA-202008-15","reference_type":"","scores":[{"value":"6.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202008-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5u
pk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2020-13401","GHSA-qrrc-ww9x-r43g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h83p-v26k-s7fa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54421?format=json","vulnerability_id":"VCID-pevy-d197-zydv","summary":"Moby Docker cp broken with debian containers\nIn Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the 
container.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-14271.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14271","reference_id":"","reference_type":"","scores":[{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98769","published_at":"2026-05-05T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98748","published_at":"2026-04-07T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98742","published_at":"2026-04-02T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98741","published_at":"2026-04-01T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98764","published_at":"2026-04-29T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98756","published_at":"2026-04-18T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98754","published_at":"2026-04-13T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98752","published_at":"20
26-04-12T12:55:00Z"},{"value":"0.72198","scoring_system":"epss","scoring_elements":"0.98749","published_at":"2026-04-09T12:55:00Z"},{"value":"0.72589","scoring_system":"epss","scoring_elements":"0.98774","published_at":"2026-04-21T12:55:00Z"},{"value":"0.72589","scoring_system":"epss","scoring_elements":"0.98777","published_at":"2026-04-24T12:55:00Z"},{"value":"0.72589","scoring_system":"epss","scoring_elements":"0.98779","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-14271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271"},{"reference_url":"https://docs.docker.com/engine/release-notes","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","referen
ce_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545"},{"reference_url":"https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b"},{"reference_url":"https://github.com/moby/moby/issues/39449","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/issues/39449"},{"reference_url":"https://github.com/m
oby/moby/pull/39612","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/pull/39612"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14271","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-14271"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/21","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/Sep/21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190828-0003","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20190828-0003"},{"reference_url":"https://www.debian.org/security/2019/dsa-4521","reference_id":"","reference_type":
"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2019/dsa-4521"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747222","reference_id":"1747222","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1747222"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2019-14271","GHSA-v2cv-wwxq-qq97"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulne
rabilities/VCID-pevy-d197-zydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56740?format=json","vulnerability_id":"VCID-u44m-mgza-nfcx","summary":"Secret insertion into debug log in Docker\nIn Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13509.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13509","reference_id":"","reference_type":"","scores":[{"value":"0.0152","scoring_system":"epss","scoring_elements":"0.81338","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.8141","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.8145","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81451","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81473","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.8148","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81485","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81348","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements"
:"0.81357","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81379","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81377","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81405","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81419","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81412","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0155","scoring_system":"epss","scoring_elements":"0.81449","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271"},{"reference_url":"https://docs.docker.com/engine/release-notes/18.09","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes/18.09"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"
5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13509","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13509"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732418","reference_id":"1732418","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732418"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673","reference_id":"932673","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932673"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnera
bility":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2019-13509","GHSA-j249-ghv5-7mxv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u44m-mgza-nfcx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14025?format=json","vulnerability_id":"VCID-uckr-kzdf-7ydj","summary":"moby docker daemon crash during image pull of malicious image\n### Impact\n\nPulling an intentionally malformed Docker image manifest crashes the `dockerd` daemon.\n\n### Patches\n\nVersions 20.10.3 and 19.03.15 contain patches that prevent the daemon from crashing.\n\n### Credits\n\nMaintainers would like to thank Josh Larsen, Ian Coldwater, Duffie Cooley, Rory McCune for working on the vulnerability and Brad Geesaman for responsibly disclosing it to security@docker.com.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21285","reference_id":"","reference_type":"","scores":[{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57454","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57431","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57515","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57512","published_at":"2026-04-
07T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57565","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57568","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57583","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57563","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57541","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57569","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57546","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57504","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57524","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00351","scoring_system":"epss","scoring_elements":"0.57503","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21285"},{"r
eference_url":"https://docs.docker.com/engine/release-notes/#20103","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.docker.com/engine/release-notes/#20103"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30"},{"reference_url":"https://github.com/moby/moby/releases/tag/v19.03.15","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v19.03.15"},{"reference_url":"https://github.com/moby/moby/releases/tag/v20.10.3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/releases/tag/v20.10.3"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8","reference_id":"","reference_type":"","scores":[{"value":"6.5","sc
oring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21285","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21285"},{"reference_url":"https://security.gentoo.org/glsa/202107-23","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.gentoo.org/glsa/202107-23"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210226-0005","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://security.netapp.com/advisory/ntap-20210226-0005"},{"reference_url":"https://www.debian.org/security/2021/dsa-4865","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2021/dsa-4865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924742","reference_id":"1924742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1924742"},{"reference_url":"https://security.archlinux.org/ASA-202102-12","reference_id":"ASA-202102-12","reference_type":"","
scores":[],"url":"https://security.archlinux.org/ASA-202102-12"},{"reference_url":"https://security.archlinux.org/AVG-1528","reference_id":"AVG-1528","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1528"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2021-21285","GHSA-6fj5-m822-rqx8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uckr-kzdf-7ydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82693?format=json","vulnerability_id":"VCID-yt33-nmzd-r3cs","summary":"docker: command injection due to a missing validation of the git ref 
command","references":[{"reference_url":"https://access.redhat.com/errata/RHBA-2019:3092","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHBA-2019:3092"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13139.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13139","reference_id":"","reference_type":"","scores":[{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67846","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67974","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67985","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67993","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67999","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67869","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67888","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.6792","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67933","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67957","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67907","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00548"
,"scoring_system":"epss","scoring_elements":"0.67945","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67958","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00548","scoring_system":"epss","scoring_elements":"0.67939","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13139"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13509"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14271"},{"reference_url":"https://docs.docker.com/engine/release-notes/#18094","reference_id":"","reference_type":"","scores":[],"url":"https://docs.docker.com/engine/release-notes/#18094"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby/pull/38944","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moby/moby/pull/38944"},{"reference_url":"https://seclists.org/bugtraq/2019/Sep/21","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/Sep/21"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190910-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190910-0001/"
},{"reference_url":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/","reference_id":"","reference_type":"","scores":[],"url":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/"},{"reference_url":"https://www.debian.org/security/2019/dsa-4521","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2019/dsa-4521"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732627","reference_id":"1732627","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1732627"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002","reference_id":"933002","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933002"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13139","reference_id":"CVE-2019-13139","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13139"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037875?format=json","purl":"pkg:deb/debian/docker.io@18.09.1%2Bdfsg1-7.1%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6vru-hsfs-rufg"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"},{"vulnerability":"VCID-gbw6-
3a59-mbhu"},{"vulnerability":"VCID-gund-83cy-9fap"},{"vulnerability":"VCID-h83p-v26k-s7fa"},{"vulnerability":"VCID-pevy-d197-zydv"},{"vulnerability":"VCID-u44m-mgza-nfcx"},{"vulnerability":"VCID-uckr-kzdf-7ydj"},{"vulnerability":"VCID-yt33-nmzd-r3cs"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@18.09.1%252Bdfsg1-7.1%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1052484?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3eju-5upk-auhy"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-bhju-575k-ebh3"},{"vulnerability":"VCID-e9ng-x516-53cf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}],"aliases":["CVE-2019-13139"],"risk_score":3.8,"exploitability":"0.5","weighted_severity":"7.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yt33-nmzd-r3cs"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1"}