[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-19724":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":131,"aliases":132,"duplicate_of":9,"upstream":134,"downstream":135,"duplicates":142,"related":143,"reserved_at":9,"published_at":147,"modified_at":148,"state":149,"summary":150,"references_raw":159,"kevs":194,"epss":195,"epss_history":198,"metrics":450,"affected":462},"CVE-2019-19724","Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-276","Incorrect Default Permissions","During installation, installed file permissions are set to allow anyone to modify those files.","weakness","Draft","Base","Medium",[20,68,127],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",{"id":69,"name":70,"techniques":71},"CAPEC-127","Directory Indexing",[72],{"id":73,"name":74,"tactics":75,"countermeasures":79},"T1083","File and Directory Discovery",[76],{"id":77,"name":78},"TA0102","Discovery",[80,84,88,93,98,102,106,111,115,119,123],{"id":81,"name":82,"tactic":83},"D3-FA","File Analysis",{"name":57},{"id":85,"name":86,"tactic":87},"D3-FIM","File Integrity Monitoring",{"name":57},{"id":89,"name":90,"tactic":91},"D3-FEV","File Eviction",{"name":92},"Evict",{"id":94,"name":95,"tactic":96},"D3-DF","Decoy File",{"name":97},"Deceive",{"id":99,"name":100,"tactic":101},"D3-FE","File Encryption",{"name":62},{"id":103,"name":104,"tactic":105},"D3-RF","Restore File",{"name":67},{"id":107,"name":108,"tactic":109},"D3-LFP","Local File Permissions",{"name":110},"Isolate",{"id":112,"name":113,"tactic":114},"D3-CF","Content Filtering",{"name":110},{"id":116,"name":117,"tactic":118},"D3-RFAM","Remote File Access Mediation",{"name":110},{"id":120,"name":121,"tactic":122},"D3-CQ","Content Quarantine",{"name":110},{"id":124,"name":125,"tactic":126},"D3-CM","Content Modification",{"name":110},{"id":128,"name":129,"techniques":130},"CAPEC-81","Web Server Logs Tampering",[],[],[133],"GHSA-mj73-5x75-9phh",[],[136,138,140],{"_key":137},"OPENSUSE-SU-2020:0057-1",{"_key":139},"OPENSUSE-SU-2020:1037-1",{"_key":141},"OPENSUSE-SU-2024:11384-1",[],[144,145,146],{"_key":137},{"_key":139},{"_key":141},"2019-12-18T20:52:24.000Z","2024-08-05T02:25:12.399Z","Modified",{"cisa_kev":151,"cisa_ransomware":151,"cisa_vendor":9,"epss_severity":152,"epss_score":153,"severity":154,"severity_score":155,"severity_version":156,"severity_source":157,"severity_vector":158,"severity_status":149},false,"low",0.00313,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[160,170,176,180,185,189],{"url":161,"sources":162,"tags":165},"https://github.com/sylabs/singularity/releases/tag/v3.5.2",[163,157,164],"cve.org","osv_go",[166,167,168,169],"X Refsource CONFIRM","Release Notes","Third Party Advisory","WEB",{"url":171,"sources":172,"tags":173},"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html",[163,157,164],[174,175,169],"Vendor Advisory","X Refsource SUSE",{"url":177,"sources":178,"tags":179},"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",[163,157,164],[174,175,169],{"url":181,"sources":182,"tags":183},"https://nvd.nist.gov/vuln/detail/CVE-2019-19724",[164],[184],"Advisory",{"url":186,"sources":187,"tags":188},"https://github.com/sylabs/singularity/commit/2cda4981812c29f0fb11d3ea6aaf6139f665a631",[164],[169],{"url":190,"sources":191,"tags":192},"https://github.com/sylabs/singularity",[164],[193],"PACKAGE",[],{"date":196,"score":153,"percentile":197},"2026-06-04",0.54763,[199,202,205,208,211,214,217,219,222,225,228,230,233,235,238,242,245,248,251,254,257,260,263,266,269,272,275,278,281,284,287,290,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,339,342,345,348,351,353,356,358,361,364,367,370,373,376,379,381,384,387,390,393,396,399,402,404,407,409,411,414,416,418,421,423,426,429,431,433,436,438,440,443,445,447],{"date":200,"score":153,"percentile":201},"2025-11-04",0.53983,{"date":203,"score":153,"percentile":204},"2025-11-05",0.53944,{"date":206,"score":153,"percentile":207},"2025-11-06",0.53961,{"date":209,"score":153,"percentile":210},"2025-11-07",0.53986,{"date":212,"score":153,"percentile":213},"2025-11-08",0.53987,{"date":215,"score":153,"percentile":216},"2025-11-09",0.53985,{"date":218,"score":153,"percentile":207},"2025-11-10",{"date":220,"score":153,"percentile":221},"2025-11-11",0.53973,{"date":223,"score":153,"percentile":224},"2025-11-12",0.54,{"date":226,"score":153,"percentile":227},"2025-11-13",0.54009,{"date":229,"score":153,"percentile":227},"2025-11-14",{"date":231,"score":153,"percentile":232},"2025-11-15",0.54003,{"date":234,"score":153,"percentile":216},"2025-11-16",{"date":236,"score":153,"percentile":237},"2025-11-17",0.53971,{"date":239,"score":240,"percentile":241},"2025-11-18",0.00253,0.45312,{"date":243,"score":240,"percentile":244},"2025-11-19",0.45321,{"date":246,"score":240,"percentile":247},"2025-11-20",0.45327,{"date":249,"score":153,"percentile":250},"2025-11-21",0.53991,{"date":252,"score":153,"percentile":253},"2025-11-22",0.53988,{"date":255,"score":153,"percentile":256},"2025-11-23",0.53949,{"date":258,"score":153,"percentile":259},"2025-11-24",0.53941,{"date":261,"score":153,"percentile":262},"2025-11-25",0.53948,{"date":264,"score":153,"percentile":265},"2025-11-26",0.53951,{"date":267,"score":153,"percentile":268},"2025-11-27",0.53955,{"date":270,"score":153,"percentile":271},"2025-11-28",0.5393,{"date":273,"score":153,"percentile":274},"2025-11-29",0.53912,{"date":276,"score":153,"percentile":277},"2025-11-30",0.53905,{"date":279,"score":153,"percentile":280},"2025-12-01",0.54056,{"date":282,"score":153,"percentile":283},"2025-12-02",0.54073,{"date":285,"score":153,"percentile":286},"2025-12-03",0.54067,{"date":288,"score":153,"percentile":289},"2025-12-04",0.5391,{"date":291,"score":153,"percentile":271},"2025-12-05",{"date":293,"score":153,"percentile":294},"2025-12-06",0.53929,{"date":296,"score":153,"percentile":297},"2025-12-07",0.53919,{"date":299,"score":153,"percentile":300},"2025-12-08",0.5392,{"date":302,"score":153,"percentile":303},"2025-12-09",0.53935,{"date":305,"score":153,"percentile":306},"2025-12-10",0.53994,{"date":308,"score":153,"percentile":309},"2025-12-11",0.54017,{"date":311,"score":153,"percentile":312},"2025-12-12",0.54043,{"date":314,"score":153,"percentile":315},"2025-12-13",0.54038,{"date":317,"score":153,"percentile":318},"2025-12-14",0.54029,{"date":320,"score":153,"percentile":321},"2025-12-15",0.54018,{"date":323,"score":153,"percentile":324},"2025-12-16",0.54032,{"date":326,"score":153,"percentile":327},"2025-12-17",0.54051,{"date":329,"score":153,"percentile":330},"2025-12-18",0.54087,{"date":332,"score":153,"percentile":333},"2025-12-19",0.54089,{"date":335,"score":153,"percentile":336},"2025-12-20",0.54077,{"date":338,"score":153,"percentile":280},"2025-12-21",{"date":340,"score":153,"percentile":341},"2025-12-22",0.54034,{"date":343,"score":153,"percentile":344},"2025-12-23",0.54036,{"date":346,"score":153,"percentile":347},"2025-12-24",0.54047,{"date":349,"score":153,"percentile":350},"2025-12-25",0.54095,{"date":352,"score":153,"percentile":333},"2025-12-26",{"date":354,"score":153,"percentile":355},"2025-12-27",0.54142,{"date":357,"score":153,"percentile":286},"2025-12-28",{"date":359,"score":153,"percentile":360},"2025-12-29",0.54049,{"date":362,"score":153,"percentile":363},"2025-12-30",0.54041,{"date":365,"score":153,"percentile":366},"2025-12-31",0.54059,{"date":368,"score":153,"percentile":369},"2026-01-01",0.54228,{"date":371,"score":153,"percentile":372},"2026-01-02",0.54208,{"date":374,"score":153,"percentile":375},"2026-01-03",0.54201,{"date":377,"score":153,"percentile":378},"2026-01-04",0.5403,{"date":380,"score":153,"percentile":309},"2026-01-05",{"date":382,"score":153,"percentile":383},"2026-01-06",0.54023,{"date":385,"score":153,"percentile":386},"2026-01-07",0.54048,{"date":388,"score":153,"percentile":389},"2026-01-08",0.54069,{"date":391,"score":153,"percentile":392},"2026-01-09",0.54062,{"date":394,"score":153,"percentile":395},"2026-01-10",0.54058,{"date":397,"score":153,"percentile":398},"2026-01-11",0.54039,{"date":400,"score":153,"percentile":401},"2026-01-12",0.53992,{"date":403,"score":153,"percentile":237},"2026-01-13",{"date":405,"score":153,"percentile":406},"2026-01-14",0.54015,{"date":408,"score":153,"percentile":309},"2026-01-15",{"date":410,"score":153,"percentile":398},"2026-01-16",{"date":412,"score":153,"percentile":413},"2026-01-17",0.54026,{"date":415,"score":153,"percentile":321},"2026-01-18",{"date":417,"score":153,"percentile":227},"2026-01-19",{"date":419,"score":153,"percentile":420},"2026-01-20",0.54011,{"date":422,"score":153,"percentile":309},"2026-01-21",{"date":424,"score":153,"percentile":425},"2026-01-22",0.54022,{"date":427,"score":153,"percentile":428},"2026-01-23",0.54065,{"date":430,"score":153,"percentile":428},"2026-01-24",{"date":432,"score":153,"percentile":413},"2026-01-25",{"date":434,"score":153,"percentile":435},"2026-01-26",0.54012,{"date":437,"score":153,"percentile":425},"2026-01-27",{"date":439,"score":153,"percentile":315},"2026-01-28",{"date":441,"score":153,"percentile":442},"2026-01-29",0.54035,{"date":444,"score":153,"percentile":363},"2026-01-30",{"date":446,"score":153,"percentile":386},"2026-01-31",{"date":448,"score":153,"percentile":449},"2026-02-01",0.54189,[451,460],{"source":157,"cvss_v2_0":452,"cvss_v3_0":9,"cvss_v3_1":457,"cvss_v4_0":9},{"baseScore":453,"baseSeverity":9,"vectorString":454,"impactScore":455,"exploitabilityScore":456},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":155,"baseSeverity":458,"vectorString":158,"impactScore":459,"exploitabilityScore":456},"HIGH",6,{"source":164,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":461,"cvss_v4_0":9},{"baseScore":155,"baseSeverity":9,"vectorString":158,"impactScore":459,"exploitabilityScore":456},[463,478],{"ecosystem":464,"name":465,"vendor":466,"product":467,"cpe_part":9,"purl_type":468,"purl_namespace":466,"purl_name":467,"source":9,"versions":469},"Go","github.com/sylabs/singularity","github.com/sylabs","singularity","golang",[470],{"version":471,"is_range":472,"range_type":473,"version_start":474,"version_start_type":475,"version_end":476,"version_end_type":477,"fixed_in":9},"gte3_3_0_lt3_5_2",true,"semver","3.3.0","including","3.5.2","excluding",{"ecosystem":9,"name":467,"vendor":479,"product":467,"cpe_part":480,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":481},"sylabs","a",[482],{"version":483,"is_range":472,"range_type":484,"version_start":474,"version_start_type":475,"version_end":485,"version_end_type":475,"fixed_in":9},"gte3.3.0_lte3.5.1","cpe","3.5.1"]