[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-20291":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":39,"aliases":49,"duplicate_of":9,"upstream":52,"downstream":53,"duplicates":80,"related":81,"reserved_at":9,"published_at":87,"modified_at":88,"state":89,"summary":90,"references_raw":98,"kevs":175,"epss":176,"epss_history":179,"metrics":444,"affected":457},"CVE-2021-20291","A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-667","Improper Locking","The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.","weakness","Draft","Class",[19,31,35],{"id":20,"name":21,"techniques":22},"CAPEC-25","Forced Deadlock",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1499.004","Application or System Exploitation",[27],{"id":28,"name":29},"TA0105","Impact",[],{"id":32,"name":33,"techniques":34},"CAPEC-26","Leveraging Race Conditions",[],{"id":36,"name":37,"techniques":38},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],[40],{"_key":41,"name":42,"source":43,"url":44,"maturity":45,"reliability_score":46,"verified":47,"type":9,"platforms":48,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_17FF8C34986FDAFD","Exploit Reference (unit42.paloaltonetworks.com)","reference","https://unit42.paloaltonetworks.com/cve-2021-20291/","unknown",0.2,false,[],[50,51],"GHSA-7qw8-847f-pggm","GO-2021-0100",[],[54,56,58,60,62,64,66,68,70,72,74,76,78],{"_key":55},"UBUNTU-CVE-2021-20291",{"_key":57},"SUSE-SU-2022:23018-1",{"_key":59},"SUSE-SU-2022:3312-1",{"_key":61},"OPENSUSE-SU-2022:23018-1",{"_key":63},"OPENSUSE-SU-2024:11757-1",{"_key":65},"MGASA-2023-0213",{"_key":67},"DEBIAN-CVE-2021-20291",{"_key":69},"RHBA-2022:0348",{"_key":71},"RHSA-2021:1150",{"_key":73},"RHSA-2021:4154",{"_key":75},"RHSA-2022:7954",{"_key":77},"RHSA-2022:7955",{"_key":79},"RHSA-2022:8008",[],[82,83,84,85,86],{"_key":65},{"_key":57},{"_key":59},{"_key":61},{"_key":63},"2021-04-01T17:49:40.000Z","2024-08-03T17:37:23.517Z","Modified",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":91,"epss_score":92,"severity":93,"severity_score":94,"severity_version":95,"severity_source":96,"severity_vector":97,"severity_status":89},"low",0.01026,"high",7.1,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:N/A:C",[99,110,116,120,124,128,132,137,142,146,151,155,159,163,167,171],{"url":100,"sources":101,"tags":104},"https://bugzilla.redhat.com/show_bug.cgi?id=1939485",[102,96,103],"cve.org","osv_go",[105,106,107,108,109],"X Refsource MISC","Issue Tracking","Patch","Third Party Advisory","WEB",{"url":111,"sources":112,"tags":113},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL/",[102,96],[114,115],"Vendor Advisory","X Refsource FEDORA",{"url":117,"sources":118,"tags":119},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM/",[102,96],[114,115],{"url":121,"sources":122,"tags":123},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI/",[102,96],[114,115],{"url":125,"sources":126,"tags":127},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X/",[102,96],[114,115],{"url":44,"sources":129,"tags":130},[102,96],[105,131,108],"Exploit",{"url":133,"sources":134,"tags":135},"https://nvd.nist.gov/vuln/detail/CVE-2021-20291",[103],[136],"Advisory",{"url":138,"sources":139,"tags":140},"https://github.com/containers/storage/pull/860",[103],[109,141],"FIX",{"url":143,"sources":144,"tags":145},"https://github.com/containers/storage/commit/306fcabc964470e4b3b87a43a8f6b7d698209ee1",[103],[109,141],{"url":147,"sources":148,"tags":149},"https://github.com/containers/storage",[103],[150],"PACKAGE",{"url":152,"sources":153,"tags":154},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5D7XL7FL24TWFMGQ3K2S72EOUSLZMKL",[103],[109],{"url":156,"sources":157,"tags":158},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPYOHNG2Q7DCAQZMGYLMENLKALGDLG3X",[103],[109],{"url":160,"sources":161,"tags":162},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WX24EITRXVHDM5M223BVTJA2ODF2FSHI",[103],[109],{"url":164,"sources":165,"tags":166},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNMB7O2UIXE34PGSCSOULGHPX5LIJBMM",[103],[109],{"url":168,"sources":169,"tags":170},"https://pkg.go.dev/vuln/GO-2021-0100",[103],[109],{"url":172,"sources":173,"tags":174},"https://unit42.paloaltonetworks.com/cve-2021-20291",[103],[109],[],{"date":177,"score":92,"percentile":178},"2026-06-04",0.77629,[180,184,187,190,193,195,198,201,204,207,210,213,216,219,221,225,228,231,235,238,241,245,248,251,254,257,260,262,265,268,271,274,276,279,281,283,286,289,292,295,298,301,304,307,310,313,316,319,322,325,328,331,334,337,340,343,345,348,351,354,357,360,363,366,369,372,375,378,381,384,387,389,391,394,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439,441],{"date":181,"score":182,"percentile":183},"2025-11-04",0.00111,0.30231,{"date":185,"score":182,"percentile":186},"2025-11-05",0.30211,{"date":188,"score":182,"percentile":189},"2025-11-06",0.30223,{"date":191,"score":182,"percentile":192},"2025-11-07",0.3023,{"date":194,"score":182,"percentile":183},"2025-11-08",{"date":196,"score":182,"percentile":197},"2025-11-09",0.3021,{"date":199,"score":182,"percentile":200},"2025-11-10",0.30188,{"date":202,"score":182,"percentile":203},"2025-11-11",0.30206,{"date":205,"score":182,"percentile":206},"2025-11-12",0.30249,{"date":208,"score":182,"percentile":209},"2025-11-13",0.30266,{"date":211,"score":182,"percentile":212},"2025-11-14",0.30262,{"date":214,"score":182,"percentile":215},"2025-11-15",0.30256,{"date":217,"score":182,"percentile":218},"2025-11-16",0.30228,{"date":220,"score":182,"percentile":197},"2025-11-17",{"date":222,"score":223,"percentile":224},"2025-11-18",0.01228,0.77365,{"date":226,"score":223,"percentile":227},"2025-11-19",0.77373,{"date":229,"score":223,"percentile":230},"2025-11-20",0.77382,{"date":232,"score":233,"percentile":234},"2025-11-21",0.00131,0.33394,{"date":236,"score":233,"percentile":237},"2025-11-22",0.33399,{"date":239,"score":233,"percentile":240},"2025-11-23",0.33365,{"date":242,"score":243,"percentile":244},"2025-11-24",0.00879,0.74591,{"date":246,"score":243,"percentile":247},"2025-11-25",0.74593,{"date":249,"score":243,"percentile":250},"2025-11-26",0.746,{"date":252,"score":243,"percentile":253},"2025-11-27",0.74602,{"date":255,"score":243,"percentile":256},"2025-11-28",0.7459,{"date":258,"score":243,"percentile":259},"2025-11-29",0.74587,{"date":261,"score":243,"percentile":259},"2025-11-30",{"date":263,"score":243,"percentile":264},"2025-12-01",0.74719,{"date":266,"score":243,"percentile":267},"2025-12-02",0.74725,{"date":269,"score":243,"percentile":270},"2025-12-03",0.74715,{"date":272,"score":243,"percentile":273},"2025-12-04",0.74583,{"date":275,"score":243,"percentile":247},"2025-12-05",{"date":277,"score":243,"percentile":278},"2025-12-06",0.74596,{"date":280,"score":243,"percentile":247},"2025-12-07",{"date":282,"score":243,"percentile":278},"2025-12-08",{"date":284,"score":243,"percentile":285},"2025-12-09",0.74624,{"date":287,"score":243,"percentile":288},"2025-12-10",0.74649,{"date":290,"score":243,"percentile":291},"2025-12-11",0.74665,{"date":293,"score":243,"percentile":294},"2025-12-12",0.74687,{"date":296,"score":243,"percentile":297},"2025-12-13",0.74694,{"date":299,"score":243,"percentile":300},"2025-12-14",0.74692,{"date":302,"score":243,"percentile":303},"2025-12-15",0.74695,{"date":305,"score":243,"percentile":306},"2025-12-16",0.74708,{"date":308,"score":243,"percentile":309},"2025-12-17",0.74717,{"date":311,"score":243,"percentile":312},"2025-12-18",0.74738,{"date":314,"score":243,"percentile":315},"2025-12-19",0.74755,{"date":317,"score":243,"percentile":318},"2025-12-20",0.74753,{"date":320,"score":243,"percentile":321},"2025-12-21",0.74747,{"date":323,"score":243,"percentile":324},"2025-12-22",0.74746,{"date":326,"score":243,"percentile":327},"2025-12-23",0.74741,{"date":329,"score":243,"percentile":330},"2025-12-24",0.74751,{"date":332,"score":243,"percentile":333},"2025-12-25",0.74777,{"date":335,"score":243,"percentile":336},"2025-12-26",0.74775,{"date":338,"score":243,"percentile":339},"2025-12-27",0.74823,{"date":341,"score":243,"percentile":342},"2025-12-28",0.74756,{"date":344,"score":243,"percentile":318},"2025-12-29",{"date":346,"score":243,"percentile":347},"2025-12-30",0.74768,{"date":349,"score":243,"percentile":350},"2025-12-31",0.74795,{"date":352,"score":243,"percentile":353},"2026-01-01",0.7494,{"date":355,"score":243,"percentile":356},"2026-01-02",0.74943,{"date":358,"score":243,"percentile":359},"2026-01-03",0.74942,{"date":361,"score":243,"percentile":362},"2026-01-04",0.74805,{"date":364,"score":243,"percentile":365},"2026-01-05",0.74797,{"date":367,"score":243,"percentile":368},"2026-01-06",0.74812,{"date":370,"score":243,"percentile":371},"2026-01-07",0.74822,{"date":373,"score":243,"percentile":374},"2026-01-08",0.74835,{"date":376,"score":243,"percentile":377},"2026-01-09",0.7484,{"date":379,"score":243,"percentile":380},"2026-01-10",0.74838,{"date":382,"score":243,"percentile":383},"2026-01-11",0.74826,{"date":385,"score":243,"percentile":386},"2026-01-12",0.74813,{"date":388,"score":243,"percentile":368},"2026-01-13",{"date":390,"score":243,"percentile":380},"2026-01-14",{"date":392,"score":243,"percentile":393},"2026-01-15",0.74847,{"date":395,"score":243,"percentile":396},"2026-01-16",0.7486,{"date":398,"score":243,"percentile":399},"2026-01-17",0.74859,{"date":401,"score":243,"percentile":402},"2026-01-18",0.74842,{"date":404,"score":243,"percentile":405},"2026-01-19",0.74833,{"date":407,"score":243,"percentile":408},"2026-01-20",0.74837,{"date":410,"score":243,"percentile":411},"2026-01-21",0.74843,{"date":413,"score":243,"percentile":414},"2026-01-22",0.74848,{"date":416,"score":243,"percentile":417},"2026-01-23",0.74875,{"date":419,"score":243,"percentile":420},"2026-01-24",0.74883,{"date":422,"score":243,"percentile":423},"2026-01-25",0.74867,{"date":425,"score":243,"percentile":426},"2026-01-26",0.74866,{"date":428,"score":243,"percentile":429},"2026-01-27",0.74876,{"date":431,"score":243,"percentile":432},"2026-01-28",0.74882,{"date":434,"score":243,"percentile":435},"2026-01-29",0.74879,{"date":437,"score":243,"percentile":438},"2026-01-30",0.74881,{"date":440,"score":243,"percentile":420},"2026-01-31",{"date":442,"score":243,"percentile":443},"2026-02-01",0.75002,[445,455],{"source":96,"cvss_v2_0":446,"cvss_v3_0":9,"cvss_v3_1":449,"cvss_v4_0":9},{"baseScore":94,"baseSeverity":9,"vectorString":97,"impactScore":447,"exploitabilityScore":448},6.9,8.6,{"baseScore":450,"baseSeverity":451,"vectorString":452,"impactScore":453,"exploitabilityScore":454},6.5,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",6,7.2,{"source":103,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":456,"cvss_v4_0":9},{"baseScore":450,"baseSeverity":9,"vectorString":452,"impactScore":453,"exploitabilityScore":454},[458,468,481,488,495],{"ecosystem":9,"name":459,"vendor":460,"product":459,"cpe_part":461,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":462},"fedora","fedoraproject","o",[463,466],{"version":464,"is_range":47,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"33","cpe",{"version":467,"is_range":47,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"34",{"ecosystem":469,"name":470,"vendor":471,"product":472,"cpe_part":9,"purl_type":473,"purl_namespace":471,"purl_name":472,"source":9,"versions":474},"Go","github.com/containers/storage","github.com/containers","storage","golang",[475],{"version":476,"is_range":477,"range_type":478,"version_start":9,"version_start_type":9,"version_end":479,"version_end_type":480,"fixed_in":9},"lt1_28_1",true,"semver","1.28.1","excluding",{"ecosystem":9,"name":482,"vendor":483,"product":484,"cpe_part":461,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":485},"enterprise linux","redhat","enterprise_linux",[486],{"version":487,"is_range":47,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":9,"name":489,"vendor":483,"product":490,"cpe_part":491,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":492},"openshift container platform","openshift_container_platform","a",[493],{"version":494,"is_range":47,"range_type":465,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"4.0",{"ecosystem":9,"name":472,"vendor":496,"product":472,"cpe_part":491,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":497},"storage_project",[498],{"version":499,"is_range":477,"range_type":465,"version_start":9,"version_start_type":9,"version_end":479,"version_end_type":480,"fixed_in":9},"lt1.28.1"]