зеркало из https://github.com/golang/vulndb.git
24 строки
776 B
YAML
24 строки
776 B
YAML
modules:
|
|
- module: github.com/deislabs/oras
|
|
versions:
|
|
- fixed: 0.9.0
|
|
vulnerable_at: 0.8.1
|
|
packages:
|
|
- package: github.com/deislabs/oras/pkg/content
|
|
symbols:
|
|
- extractTarDirectory
|
|
derived_symbols:
|
|
- fileWriter.Commit
|
|
description: |
|
|
Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore
|
|
content store may result in directory traversal during archive extraction, allowing a
|
|
malicious archive to write paths to arbitrary paths that the process can write to.
|
|
published: 2021-04-14T20:04:52Z
|
|
cves:
|
|
- CVE-2021-21272
|
|
ghsas:
|
|
- GHSA-g5v4-5x39-vwhx
|
|
credit: Chris Smowton
|
|
references:
|
|
- fix: https://github.com/deislabs/oras/commit/96cd90423303f1bb42bd043cb4c36085e6e91e8e
|