Описание
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-github-containers-image | fixed | 5.29.3-1 | package | |
| golang-github-containers-image | no-dsa | bookworm | package | |
| golang-github-containers-image | no-dsa | bullseye | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=2274767
https://github.com/containers/image/pull/2403
EPSS
Связанные уязвимости
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
Containers/image: digest type does not guarantee valid type
EPSS