A security vulnerability in Singularity versions 3.7.2 and 3.7.3 has been publicly announced. It enables an attacker to publish a malicious container that takes priority over the container a user is expecting to run.

Due to incorrect use of a default URL, the singularity commands run/shell/exec, when given a library:// URI, always try to retrieve the container from the default endpoint (https://cloud.sylabs.io) rather than the configured endpoint. The http://cloud.sylabs.io endpoint is similar to Docker Hub: it is publicly accessible and available to registered users.

Users can choose to redirect “library://” references to a private server with the singularity “remote” command. In the vulnerable versions 3.7.2 and 3.7.3, the singularity action commands always try to download from https://cloud.sylabs.io first, so someone could publish a container there with the same name as a container on the private server, and the untrusted container from the public server would be used instead.

An updated version, Singularity 3.7.4, is already available to download from the epel-testing and fedora-testing repositories.

As a user, you can prevent a potential problem by not using a private server for library:// with Singularity versions 3.7.2 and 3.7.3.
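To check whether a host and its job scripts are exposed, the following added example (not part of the original advisory and not Singularity project code) tests a version string against the two affected releases and lists the run/shell/exec invocations that use a library:// URI. It assumes `singularity --version` prints in the form "singularity version X.Y.Z"; the sample job script and container names are constructed.

```shell
#!/bin/sh
# Added example: flag hosts and job scripts exposed to the library://
# default-endpoint bug in Singularity 3.7.2 and 3.7.3.

# Succeeds if the string names an affected release (3.7.2 or 3.7.3).
# Accepts a bare version or `singularity --version` output (assumed
# format: "singularity version 3.7.2-1.el7").
is_affected_version() {
    v=${1#singularity version }
    v=${v%%[-+]*}            # drop package/build suffix such as "-1.el7"
    case "$v" in
        3.7.2|3.7.3) return 0 ;;
        *)           return 1 ;;
    esac
}

# Prints file:line:text for every run/shell/exec call that uses a
# library:// URI. The extra /dev/null forces grep to print the file name.
find_library_actions() {
    grep -nE 'singularity([[:space:]]+-[^[:space:]]+)*[[:space:]]+(run|shell|exec)[[:space:]].*library://' "$@" /dev/null
}

# Returns 0 (exposed) only when the version is affected AND at least one
# script runs a container directly from a library:// URI.
check_exposure() {
    version=$1; shift
    is_affected_version "$version" || return 1
    find_library_actions "$@"
}

# Constructed sample job script (hypothetical container names).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
singularity pull app.sif library://lab/tools/app:1.0
singularity exec --bind /data library://lab/tools/app:1.0 ./analyze
singularity run docker://alpine:3.13
singularity -d shell library://lab/tools/debug:latest
EOF

if check_exposure "singularity version 3.7.3-1.el8" "$sample"; then
    echo "EXPOSED: upgrade to 3.7.4 or stop using a private library:// server"
fi
```

On a real host, pass `"$(singularity --version)"` and the paths of your job scripts to `check_exposure`. The pattern only flags the action commands named in the advisory, so the `pull` line in the sample is not reported.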