Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2024-1485

Опубликовано: 14 фев. 2024
Источник: nvd
CVSS3: 8
CVSS3: 9.3
EPSS Низкий

Описание

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:devfile:registry-support:*:*:*:*:*:*:*:*
Версия до 0.0.0-20240206 (исключая)
cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:*

EPSS

Процентиль: 81%
0.01623
Низкий

8 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-23
CWE-22

Связанные уязвимости

redhat логотип

CVE-2024-1485

CVSS3: 8
redhat
около 2 лет назад

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.

github логотип

GHSA-84xv-jfrm-h4gm

CVSS3: 8
github
почти 2 года назад

registry-support: decompress can delete files outside scope via relative paths

EPSS

Процентиль: 81%
0.01623
Низкий

8 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-23
CWE-22