{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37089?format=json","vulnerability_id":"VCID-x9mw-wgx6-dyge","summary":"Execution Control List (ECL) Is Insecure in Singularity\n### Impact\n\nThe Singularity Execution Control List (ECL) allows system administrators to set up a policy that defines rules about what signature(s) must be (or must not be) present on a SIF container image for it to be permitted to run.\n\nIn Singularity 3.x versions below 3.6.0, the following issues allow the ECL to be bypassed by a malicious user:\n\n * Image integrity is not validated when an ECL policy is enforced.\n * The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. Thus, it is trivial to craft an arbitrary payload which will be permitted to run, even if the attacker does not have access to the private key associated with the fingerprint(s) configured in the ECL.\n\n### Patches\n\nThese issues are addressed in Singularity 3.6.0.\n\nAll users are advised to upgrade to 3.6.0. Note that Singularity 3.6.0 uses a new signature format that is necessarily incompatible with Singularity < 3.6.0 - e.g. Singularity 3.5.3 cannot verify containers signed by 3.6.0.\n\nVersion 3.6.0 includes a `legacyinsecure` option that can be set to `legacyinsecure = true` in `ecl.toml` to allow the ECL to perform verification of the older, and insecure, legacy signatures for compatibility with existing containers. This does not guarantee that containers have not been modified since signing, due to other issues in the legacy signature format. The option should be used only to temporarily ease the transition to containers signed with the new 3.6.0 signature format.\n\n### Workarounds\n\nThis issue affects any installation of Singularity configured to use the Execution Control List (ECL) functionality. There is no workaround if ECL is required.\n\n### For more information\n\nGeneral questions about the impact of the advisory / changes made in the 3.6.0 release can be asked in the:\n\n* [Singularity Slack Channel](https://bit.ly/2m0g3lX)\n* [Singularity Mailing List](https://groups.google.com/a/lbl.gov/forum/??sdf%7Csort:date#!forum/singularity)\n\nAny sensitive security concerns should be directed to: security@sylabs.io\n\nSee our Security Policy here: https://sylabs.io/security-policy","aliases":[{"alias":"CVE-2020-13845"},{"alias":"GHSA-pmfr-63c2-jr5c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/394743?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/394744?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/394745?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/394746?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/394747?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/394748?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/394749?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421205?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421206?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421207?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421208?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421209?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421210?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421211?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421212?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/421213?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461094?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461095?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461096?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461097?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461098?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461099?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461100?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461101?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/461102?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511383?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511384?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511385?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511386?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511387?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511388?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511389?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511390?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/511391?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568076?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568077?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568078?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568079?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568080?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568081?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568082?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/568083?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962411?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=aarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=aarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962412?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armhf&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962413?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=armv7&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962414?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962415?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=ppc64le&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962416?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962417?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=s390x&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=s390x&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962418?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/962419?format=json","purl":"pkg:apk/alpine/singularity@3.6.0-r0?arch=x86_64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/singularity@3.6.0-r0%3Farch=x86_64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/939441?format=json","purl":"pkg:deb/debian/singularity-container@3.9.5%2Bds1-2?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@3.9.5%252Bds1-2%3Fdistro=sid"},{"url":"http://public2.vulnerablecode.io/api/packages/939435?format=json","purl":"pkg:deb/debian/singularity-container@4.1.5%2Bds4-1?distro=sid","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/singularity-container@4.1.5%252Bds4-1%3Fdistro=sid"}],"affected_packages":[],"references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13845","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23238","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2313","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23106","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2318","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23142","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23159","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23299","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23509","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23293","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23366","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23417","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23399","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23345","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23362","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23356","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23336","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23145","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23138","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13845"},{"reference_url":"https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c"},{"reference_url":"https://medium.com/sylabs","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://medium.com/sylabs"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13845","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13845"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965040","reference_id":"965040","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965040"}],"weaknesses":[{"cwe_id":347,"name":"Improper Verification of Cryptographic Signature","description":"The product does not verify, or incorrectly verifies, the cryptographic signature for data."},{"cwe_id":354,"name":"Improper Validation of Integrity Check Value","description":"The product does not validate or incorrectly validates the integrity check values or checksums of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission."}],"exploits":[],"severity_range_score":"7.0 - 8.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9mw-wgx6-dyge"}