Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/36812?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36812?format=api", "vulnerability_id": "VCID-5ftw-539a-kbdz", "summary": "\"Verify All\" Returns Success Despite Validation Failures in Singularity\n### Impact\n\nThe `--all / -a` option to `singularity verify` returns success even when some objects in a SIF container are not signed, or cannot be verified.\n\nThe SIF objects that are not verified are reported in `WARNING` log messages, but a `Container Verified` message and exit code of `0` are returned.\n\nWorkflows that verify a container using `--all / -a` and use the exit code as an indicator of success are vulnerable to running SIF containers that have unsigned, or modified, objects that may be exploited to introduce malicious behavior.\n\n```\n$ singularity verify -a image.sif \nWARNING: Missing signature for SIF descriptor 2 (JSON.Generic)\nWARNING: Missing signature for SIF descriptor 3 (FS)\nContainer is signed by 1 key(s):\n\nVerifying partition: Def.FILE:\n12045C8C0B1004D058DE4BEDA20C27EE7FF7BA84\n[LOCAL] Unit Test <unit@test.com>\n[OK] Data integrity verified\n\nINFO: Container verified: image.sif\n\n$ echo $?\n0\n```\n\n\n### Patches\n\nSingularity 3.6.0 has a new implementation of sign/verify that fixes this issue.\n\nAll users are advised to upgrade to 3.6.0. Note that Singularity 3.6.0 uses a new signature format that is necessarily incompatible with Singularity < 3.6.0 - e.g. Singularity 3.5.3 cannot verify containers signed by 3.6.0.\n\nVersion 3.6.0 includes a `--legacy-insecure` flag for the `singularity verify` command, that will perform verification of the older, and insecure, legacy signatures for compatibility with existing containers. This does not guarantee that containers have not been modified since signing, due to other issues in the legacy signature format.\n\n### Workarounds\n\nIf you are unable to update to 3.6.0 ensure that you do not rely on the return code of `singularity verify --all / -a` as an indicator of trust in a container.\n\nNote that other issues in the sign/verify implementation in Singularity < 3.6.0 allow additional means to introduce malicious behavior to a signed container.\n\n\n### For more information\n\nGeneral questions about the impact of the advisory / changes made in the 3.6.0 release can be asked in the:\n\n* [Singularity Slack Channel](https://bit.ly/2m0g3lX)\n* [Singularity Mailing List](https://groups.google.com/a/lbl.gov/forum/??sdf%7Csort:date#!forum/singularity)\n\nAny sensitive security concerns should be directed to: security@sylabs.io\n\nSee our Security Policy here: https://sylabs.io/security-policy", "aliases": [ { "alias": "CVE-2020-13846" }, { "alias": "GHSA-6w7g-p4jh-rf92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/461102?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568077?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568078?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568079?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962411?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/394746?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/394748?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421212?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461097?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461100?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568081?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568082?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962417?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962418?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421206?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/394747?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511390?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/394744?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/394745?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421208?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421213?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/394743?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421205?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421207?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421210?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421211?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461094?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461095?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461096?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461101?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511383?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511384?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511385?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511386?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511389?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568083?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962415?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962416?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962419?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511387?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511391?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568076?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962412?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/394749?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.19&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.19&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/421209?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/511388?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.23&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/568080?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.20&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.20&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962413?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/962414?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461098?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/461099?format=api", "purl": "pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=edge&reponame=community", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=edge&reponame=community" }, { "url": "http://public2.vulnerablecode.io/api/packages/939441?format=api", "purl": "pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@3.9.5%252Bds1-2%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/939435?format=api", "purl": "pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@4.1.5%252Bds4-1%3Fdistro=sid" } ], "affected_packages": [], "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58713", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58783", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58763", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58795", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.588", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58778", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58746", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58761", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58651", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58735", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58756", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58723", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00368", "scoring_system": "epss", "scoring_elements": "0.58776", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13846" }, { "reference_url": "https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92" }, { "reference_url": "https://github.com/sylabs/singularity", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sylabs/singularity" }, { "reference_url": "https://medium.com/sylabs", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://medium.com/sylabs" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13846", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13846" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965040", "reference_id": "965040", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965040" } ], "weaknesses": [], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ftw-539a-kbdz" }