| id: GO-ID-PENDING |
| modules: |
| - module: github.com/sylabs/singularity |
| versions: |
| - introduced: 3.0.0+incompatible |
| non_go_versions: |
| - fixed: 3.6.0 |
| summary: Execution Control List (ECL) Is Insecure in Singularity in github.com/sylabs/singularity |
| cves: |
| - CVE-2020-13845 |
| ghsas: |
| - GHSA-pmfr-63c2-jr5c |
| references: |
| - advisory: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13845 |
| - web: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html |
| - web: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html |
| - web: http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html |
| - web: https://medium.com/sylabs |
| notes: |
| - fix: 'github.com/sylabs/singularity: could not add vulnerable_at: latest version (0.0.0-20230731083700-61a3083f0c3c) is before last introduced version' |
| source: |
| id: GHSA-pmfr-63c2-jr5c |
| created: 1999-01-01T00:00:00Z |
| review_status: UNREVIEWED |
