Описание
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multicloud-manager-rhel8 | Affected | ||
Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/openshift-hive-rhel8 | Affected | ||
Red Hat Advanced Cluster Management for Kubernetes 2 | acmesolver-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Red Hat Advanced Cluster Management for Kubernetes 2 | acm-must-gather-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Red Hat Advanced Cluster Management for Kubernetes 2 | acm-operator-bundle-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Red Hat Advanced Cluster Management for Kubernetes 2 | application-ui-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Red Hat Advanced Cluster Management for Kubernetes 2 | cainjector-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Red Hat Advanced Cluster Management for Kubernetes 2 | cert-manager-controller-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Red Hat Advanced Cluster Management for Kubernetes 2 | cert-manager-webhook-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Red Hat Advanced Cluster Management for Kubernetes 2 | cert-policy-controller-container | Fixed | RHSA-2021:1168 | 13.04.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar archives, and protections could be bypassed with specific constructions of multiple symlinks. Fixed in 0.5.0.
HashiCorp go-slug up to 0.4.3 did not fully protect against directory ...
EPSS
7.5 High
CVSS3