CVE-2020-13846: "Verify All" Returns Success Despite Validation Failures in Singularity
Sylabs Singularity 3.5.0 through 3.5.3 does not report an error in its status code: "Verify All" returns success despite validation failures.
References
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
- lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html
- lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html
- github.com/advisories/GHSA-6w7g-p4jh-rf92
- github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92
- nvd.nist.gov/vuln/detail/CVE-2020-13846