CVE-2025-24882

Опубликовано: 29 янв. 2025

Источник: debian

Описание

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-github-regclient-regclient	itp			package

Связанные уязвимости

CVE-2025-24882

CVSS3: 5.2

redhat

больше 1 года назад

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

CVE-2025-24882

CVSS3: 5.2

nvd

около 1 года назад

regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1.

GHSA-qv35-3gw6-8q4j

CVSS3: 5.2

github

больше 1 года назад

In regclient, pinned manifest digests may be ignored