{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52363?format=json","vulnerability_id":"VCID-avqu-wswg-c3ga","summary":"Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions\nMoby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container.  This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.\n\nThanks to Steven Murdoch for reporting this issue.\n\n----\n\n### Impact\n\nIf an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. \n\n### Patches\n\n This bug is fixed in Moby (Docker Engine) 20.10.18. Users should update to this version when it is available.\n\n### Workarounds\n\nThis problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly.\n\n### References\n\nhttps://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation/\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* [Open an issue](https://github.com/moby/moby/issues/new)\n* Email us at [security@docker.com](mailto:security@docker.com)","aliases":[{"alias":"CVE-2022-36109"},{"alias":"GHSA-rc4r-wh2q-q6c4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376887?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376888?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/439195?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554783?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554785?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554789?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969113?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1048072?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952413?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376892?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/439193?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/439196?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493080?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554786?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554787?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/949416?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/949417?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/949418?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/949420?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/949421?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952415?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969112?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1048073?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1044979?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376890?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1044983?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/439192?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1048070?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493079?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376889?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376891?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376893?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/439194?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493083?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493086?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554782?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952411?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952414?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969114?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=riscv64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=riscv64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952416?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969111?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969116?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1044978?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1044980?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armv7&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armv7&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1044981?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1044982?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1048068?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1048069?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493085?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952409?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952410?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1048071?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1048074?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.19&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.19&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376894?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/376895?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=edge&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=edge&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/439190?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/439191?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.16&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.16&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493078?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493081?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493082?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/493084?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.22&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.22&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554781?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554784?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=loongarch64&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=loongarch64&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/554788?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86&distroversion=v3.23&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86&distroversion=v3.23&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/949415?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/949419?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.17&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.17&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/952412?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=ppc64le&distroversion=v3.20&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=ppc64le&distroversion=v3.20&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969109?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=aarch64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=aarch64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969110?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=armhf&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=armhf&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969115?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=s390x&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=s390x&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/969117?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.21&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/1044984?format=json","purl":"pkg:apk/alpine/docker@20.10.18-r0?arch=x86_64&distroversion=v3.18&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/docker@20.10.18-r0%3Farch=x86_64&distroversion=v3.18&reponame=community"},{"url":"http://public2.vulnerablecode.io/api/packages/921996?format=json","purl":"pkg:deb/debian/docker.io@20.10.19%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.19%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582637?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/582264?format=json","purl":"pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-njcw-wc13-dqcz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582265?format=json","purl":"pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582266?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1081511?format=json","purl":"pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/84650?format=json","purl":"pkg:ebuild/app-containers/docker@25.0.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/app-containers/docker@25.0.4"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/582263?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/582636?format=json","purl":"pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1sky-21r5-3qcu"},{"vulnerability":"VCID-41ft-14gt-bbbq"},{"vulnerability":"VCID-6tg9-3vhh-muae"},{"vulnerability":"VCID-8e1u-z6kg-ryhc"},{"vulnerability":"VCID-avqu-wswg-c3ga"},{"vulnerability":"VCID-b2qe-8u58-2qck"},{"vulnerability":"VCID-bzeb-kj67-vfds"},{"vulnerability":"VCID-e82r-vc77-f7bz"},{"vulnerability":"VCID-njcw-wc13-dqcz"},{"vulnerability":"VCID-quyf-eq2s-dbda"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36109.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36109","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12193","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1228","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12392","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12425","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12421","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12533","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12409","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12449","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12487","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12514","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12384","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12576","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1231","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12309","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-36109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36109"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/moby/moby","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/moby/moby"},{"reference_url":"https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32"},{"reference_url":"https://github.com/moby/moby/releases/tag/v20.10.18","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://github.com/moby/moby/releases/tag/v20.10.18"},{"reference_url":"https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36109","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36109"},{"reference_url":"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:01:05Z/"}],"url":"https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601","reference_id":"1019601","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1019601"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127290","reference_id":"2127290","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2127290"},{"reference_url":"https://security.gentoo.org/glsa/202409-29","reference_id":"GLSA-202409-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-29"}],"weaknesses":[{"cwe_id":863,"name":"Incorrect Authorization","description":"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":"0.5","weighted_severity":"6.2","risk_score":3.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-avqu-wswg-c3ga"}