Description
The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
A flaw was found in the jib-core package. This flaw allows an attacker to execute code remotely on the target.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of Quarkus | jib-core | Affected | | |
| Red Hat Fuse 7 | jib-core | Affected | | |
| Migration Toolkit for Runtimes 1 on RHEL 8 | org.jboss.windup-windup-openshift-parent | Fixed | RHSA-2023:0471 | 26.01.2023 |
Additional information
Status: Important
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=2134344 jib-core: RCE via the isDockerInstalled
9.8 Critical
CVSS3
Related vulnerabilities
CVSS3: 5.6
nvd
more than 3 years ago
The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
CVSS3: 9.8
github
more than 3 years ago
com.google.cloud.tools:jib-core vulnerable to Remote Code Execution (RCE)