Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/openshift4/metallb-rhel9-operator:ose-metallb-operator-container@4.16.0-202508201333.p2.gf3eacb4.assembly.stream?arch=el9

Type rpm

Namespace redhat/openshift4

Name metallb-rhel9-operator:ose-metallb-operator-container

Version 4.16.0-202508201333.p2.gf3eacb4.assembly.stream

Qualifiers

arch	el9

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-kzen-6ybe-b3e1

vulnerability_id

VCID-kzen-6ybe-b3e1

summary

When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45339.json

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45339.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-45339

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.22099
published_at	2026-06-09T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22201
published_at	2026-06-05T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22189
published_at	2026-06-06T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.2214
published_at	2026-06-07T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22085
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-45339

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45339
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45339

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/golang/glog

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/golang/glog

reference_url

https://github.com/golang/glog/pull/74

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/

url

https://github.com/golang/glog/pull/74

reference_url

https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/

url

https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2

reference_url

https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/

url

https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs

reference_url

https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-45339

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-45339

reference_url

https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/

url

https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File

reference_url

https://pkg.go.dev/vuln/GO-2025-3372

reference_id

reference_type

scores

value	7.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-01-28T14:57:36Z/

url

https://pkg.go.dev/vuln/GO-2025-3372

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094733
reference_id	1094733
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094733

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2342463
reference_id	2342463
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2342463

reference_url	https://access.redhat.com/errata/RHSA-2025:11673
reference_id	RHSA-2025:11673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11673

reference_url	https://access.redhat.com/errata/RHSA-2025:11675
reference_id	RHSA-2025:11675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11675

reference_url	https://access.redhat.com/errata/RHSA-2025:11677
reference_id	RHSA-2025:11677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11677

reference_url	https://access.redhat.com/errata/RHSA-2025:11679
reference_id	RHSA-2025:11679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11679

reference_url	https://access.redhat.com/errata/RHSA-2025:11681
reference_id	RHSA-2025:11681
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:11681

reference_url	https://access.redhat.com/errata/RHSA-2025:12325
reference_id	RHSA-2025:12325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12325

reference_url	https://access.redhat.com/errata/RHSA-2025:12341
reference_id	RHSA-2025:12341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12341

reference_url	https://access.redhat.com/errata/RHSA-2025:12370
reference_id	RHSA-2025:12370
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12370

reference_url	https://access.redhat.com/errata/RHSA-2025:12372
reference_id	RHSA-2025:12372
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12372

reference_url	https://access.redhat.com/errata/RHSA-2025:12437
reference_id	RHSA-2025:12437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12437

reference_url	https://access.redhat.com/errata/RHSA-2025:12439
reference_id	RHSA-2025:12439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:12439

reference_url	https://access.redhat.com/errata/RHSA-2025:13289
reference_id	RHSA-2025:13289
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13289

reference_url	https://access.redhat.com/errata/RHSA-2025:13291
reference_id	RHSA-2025:13291
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13291

reference_url	https://access.redhat.com/errata/RHSA-2025:13325
reference_id	RHSA-2025:13325
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13325

reference_url	https://access.redhat.com/errata/RHSA-2025:13327
reference_id	RHSA-2025:13327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13327

reference_url	https://access.redhat.com/errata/RHSA-2025:13336
reference_id	RHSA-2025:13336
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13336

reference_url	https://access.redhat.com/errata/RHSA-2025:13338
reference_id	RHSA-2025:13338
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13338

reference_url	https://access.redhat.com/errata/RHSA-2025:13848
reference_id	RHSA-2025:13848
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13848

reference_url	https://access.redhat.com/errata/RHSA-2025:13849
reference_id	RHSA-2025:13849
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13849

reference_url	https://access.redhat.com/errata/RHSA-2025:14060
reference_id	RHSA-2025:14060
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14060

reference_url	https://access.redhat.com/errata/RHSA-2025:14061
reference_id	RHSA-2025:14061
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14061

reference_url	https://access.redhat.com/errata/RHSA-2025:14397
reference_id	RHSA-2025:14397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14397

reference_url	https://access.redhat.com/errata/RHSA-2025:14398
reference_id	RHSA-2025:14398
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14398

reference_url	https://access.redhat.com/errata/RHSA-2025:1448
reference_id	RHSA-2025:1448
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1448

reference_url	https://access.redhat.com/errata/RHSA-2025:14820
reference_id	RHSA-2025:14820
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14820

reference_url	https://access.redhat.com/errata/RHSA-2025:14821
reference_id	RHSA-2025:14821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14821

reference_url	https://access.redhat.com/errata/RHSA-2025:14855
reference_id	RHSA-2025:14855
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14855

reference_url	https://access.redhat.com/errata/RHSA-2025:14856
reference_id	RHSA-2025:14856
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14856

reference_url	https://access.redhat.com/errata/RHSA-2025:14859
reference_id	RHSA-2025:14859
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14859

reference_url	https://access.redhat.com/errata/RHSA-2025:14860
reference_id	RHSA-2025:14860
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14860

reference_url	https://access.redhat.com/errata/RHSA-2025:15332
reference_id	RHSA-2025:15332
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15332

reference_url	https://access.redhat.com/errata/RHSA-2025:15333
reference_id	RHSA-2025:15333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15333

reference_url	https://access.redhat.com/errata/RHSA-2025:15673
reference_id	RHSA-2025:15673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15673

reference_url	https://access.redhat.com/errata/RHSA-2025:15674
reference_id	RHSA-2025:15674
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15674

reference_url	https://access.redhat.com/errata/RHSA-2025:16160
reference_id	RHSA-2025:16160
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16160

reference_url	https://access.redhat.com/errata/RHSA-2025:16161
reference_id	RHSA-2025:16161
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16161

reference_url	https://access.redhat.com/errata/RHSA-2025:16526
reference_id	RHSA-2025:16526
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16526

reference_url	https://access.redhat.com/errata/RHSA-2025:16527
reference_id	RHSA-2025:16527
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16527

reference_url	https://access.redhat.com/errata/RHSA-2025:16529
reference_id	RHSA-2025:16529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16529

reference_url	https://access.redhat.com/errata/RHSA-2025:16530
reference_id	RHSA-2025:16530
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16530

reference_url	https://access.redhat.com/errata/RHSA-2025:16534
reference_id	RHSA-2025:16534
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:16534

reference_url	https://access.redhat.com/errata/RHSA-2025:17671
reference_id	RHSA-2025:17671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17671

reference_url	https://access.redhat.com/errata/RHSA-2025:17672
reference_id	RHSA-2025:17672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:17672

reference_url	https://access.redhat.com/errata/RHSA-2025:19356
reference_id	RHSA-2025:19356
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19356

reference_url	https://access.redhat.com/errata/RHSA-2025:19357
reference_id	RHSA-2025:19357
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:19357

reference_url	https://access.redhat.com/errata/RHSA-2025:2223
reference_id	RHSA-2025:2223
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:2223

reference_url	https://access.redhat.com/errata/RHSA-2025:22863
reference_id	RHSA-2025:22863
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:22863

reference_url	https://access.redhat.com/errata/RHSA-2025:3368
reference_id	RHSA-2025:3368
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3368

reference_url	https://access.redhat.com/errata/RHSA-2025:3397
reference_id	RHSA-2025:3397
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:3397

reference_url	https://access.redhat.com/errata/RHSA-2025:9562
reference_id	RHSA-2025:9562
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9562

reference_url	https://access.redhat.com/errata/RHSA-2025:9563
reference_id	RHSA-2025:9563
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:9563

fixed_packages

aliases

CVE-2024-45339, GHSA-6wxm-mpqj-6jpf

risk_score

3.2

exploitability

0.5

weighted_severity

6.4

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-kzen-6ybe-b3e1

Fixing_vulnerabilities

Risk_score 3.2

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/openshift4/metallb-rhel9-operator:ose-metallb-operator-container@4.16.0-202508201333.p2.gf3eacb4.assembly.stream%3Farch=el9

Package Instance