CVE-2018-19295Improper Input Validation in Sylabs Singularity

CWE-20Improper Input Validation8 documents6 sources
Severity
7.8HIGHNVD
OSV6.5
EPSS
0.1%
top 69.12%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Github.com Sylabs SingularitySylabs Singularity
Timeline
PublishedDec 17
Latest updateMay 14

Description

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

Gogithub.com/sylabs_singularity2.4.02.6.1
NVDsylabs/singularity2.42.6.0

🔴Vulnerability Details

5
GHSA
Sylabs Singularity Improper Input Validation2022-05-14
OSV
Sylabs Singularity Improper Input Validation2022-05-14
OSV
singularity-container vulnerabilities2021-03-15
OSV
CVE-2018-19295: Sylabs Singularity 22018-12-17
CVEList
CVE-2018-19295: Sylabs Singularity 22018-12-17

📋Vendor Advisories

2
Ubuntu
Singularity vulnerabilities2021-03-15
Debian
CVE-2018-19295: singularity-container - Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Valid...2018
CVE-2018-19295 — Improper Input Validation | cvebase