{"url":"http://public2.vulnerablecode.io/api/packages/409097?format=json","purl":"pkg:apk/alpine/docker@20.10.9-r0?arch=armv7&distroversion=v3.20&reponame=community","type":"apk","namespace":"alpine","name":"docker","version":"20.10.9-r0","qualifiers":{"arch":"armv7","distroversion":"v3.20","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"20.10.11-r0","latest_non_vulnerable_version":"26.1.5-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18277?format=json","vulnerability_id":"VCID-3eju-5upk-auhy","summary":"`docker cp` allows unexpected chmod of host files in Moby Docker Engine\n## Impact\nA bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process.\n\n## Patches\nThis bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.\n\n## Workarounds\nEnsure you only run trusted containers.\n\n## Credits\nThe Moby project would like to thank Lei Wang and Ruizhi Xiao for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at  security@docker.com  if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41089.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41089","reference_id":"","reference_type":"","scores":[{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08863","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08836","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08871","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08786","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08644","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08651","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08727","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08714","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0871","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08756","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08744","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08605","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08715","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.0873","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08753","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08752","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.08679","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41089"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41089"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41089","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41089"},{"reference_url":"https://pkg.go.dev/vuln/GO-2024-2913","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pkg.go.dev/vuln/GO-2024-2913"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008592","reference_id":"2008592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2008592"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"},{"reference_url":"https://usn.ubuntu.com/5103-1/","reference_id":"USN-5103-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5103-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409097?format=json","purl":"pkg:apk/alpine/docker@20.10.9-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.9-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2021-41089","GHSA-v994-f8vw-g7j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3eju-5upk-auhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18958?format=json","vulnerability_id":"VCID-bhju-575k-ebh3","summary":"Docker CLI leaks private registry credentials to registry-1.docker.io\n## Impact\n\nA bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry.\n\n## Patches\n\nThis bug has been fixed in Docker CLI 20.10.9.  Users should update to this version as soon as possible.\n\n## Workarounds\n\nEnsure that any configured `credsStore` or `credHelpers` entries in the configuration file reference an installed credential helper that is executable and on the `PATH`.\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/docker/cli/issues/new/choose)\n* Email us at security@docker.com if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41092.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41092","reference_id":"","reference_type":"","scores":[{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22807","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2305","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.2307","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22977","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22991","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22984","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22948","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22778","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22772","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22766","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22666","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22751","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22827","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22792","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22923","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23089","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.23134","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22925","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00077","scoring_system":"epss","scoring_elements":"0.22998","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41092"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41092"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b"},{"reference_url":"https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41092","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41092"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023449","reference_id":"2023449","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023449"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292","reference_id":"998292","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=998292"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://usn.ubuntu.com/5134-1/","reference_id":"USN-5134-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5134-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409097?format=json","purl":"pkg:apk/alpine/docker@20.10.9-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.9-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2021-41092","GHSA-99pg-grm5-qq3v"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bhju-575k-ebh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14446?format=json","vulnerability_id":"VCID-e9ng-x516-53cf","summary":"Moby (Docker Engine) Insufficiently restricted permissions on data directory\n## Impact\n\nA bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs.  When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs.  When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.\n\n## Patches\n\nThis bug has been fixed in Moby (Docker Engine) 20.10.9.  Users should update to this version as soon as possible.  Running containers should be stopped and restarted for the permissions to be fixed.\n\n## Workarounds\n\nLimit access to the host to trusted users.  Limit access to host volumes to trusted containers.\n\n## Credits\n\nThe Moby project would like to thank Joan Bruguera for responsibly disclosing this issue in accordance with the [Moby security policy](https://github.com/moby/moby/blob/master/SECURITY.md).\n\n## For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at security@docker.com if you think you’ve found a security bug","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41091.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41091","reference_id":"","reference_type":"","scores":[{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.8943","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.895","published_at":"2026-05-11T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89501","published_at":"2026-05-09T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89486","published_at":"2026-05-07T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89467","published_at":"2026-05-05T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89459","published_at":"2026-04-29T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.8951","published_at":"2026-05-12T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89438","published_at":"2026-04-21T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89441","published_at":"2026-04-18T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.8944","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89424","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89429","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04746","scoring_system":"epss","scoring_elements":"0.89458","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90259","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90256","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90272","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90276","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90291","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0558","scoring_system":"epss","scoring_elements":"0.90298","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41091"},{"reference_url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41091"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/commit/f0ab919f518c47240ea0e72d0999576bb8008e64"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41091","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023448","reference_id":"2023448","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023448"},{"reference_url":"https://security.archlinux.org/AVG-2440","reference_id":"AVG-2440","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2440"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/409097?format=json","purl":"pkg:apk/alpine/docker@20.10.9-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.9-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}],"aliases":["CVE-2021-41091","GHSA-3fwx-pjgw-3558"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9ng-x516-53cf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.9-r0%3Farch=armv7&distroversion=v3.20&reponame=community"}