Описание
The ArchiveReader.extractContents() function used by cctl image load and container image load performs no pathname validation before extracting an archive member. This means that a carelessly or maliciously constructed archive can extract a file into any user-writable location on the system using relative pathnames. This issue is addressed in container 0.8.0 and containerization 0.21.0.
Ссылки
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.8.0 (исключая)Версия до 0.21.0 (исключая)
Одно из
cpe:2.3:a:apple:container:*:*:*:*:*:swift:*:*
cpe:2.3:a:apple:containerization:*:*:*:*:*:swift:*:*
EPSS
Процентиль: 0%
0.00006
Низкий
7.8 High
CVSS3
Дефекты
CWE-22
Связанные уязвимости
github
16 дней назад
Container and Containerization archive extraction does not guard against escapes from extraction base directory.
EPSS
Процентиль: 0%
0.00006
Низкий
7.8 High
CVSS3
Дефекты
CWE-22