Description
OSV-SCALIBR's Container Image Unpacking Vulnerable to Arbitrary File Write via Path Traversal
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.
Packages
Name: github.com/google/osv-scalibr (go)
Affected versions: >= 0.1.3, < 0.2.1
Fixed version: 0.2.1
Related vulnerabilities
CVSS3: 6.5
nvd
8 months ago
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.