Vulnerability Report: GO-2021-0081
- CVE-2019-10214, GHSA-85p9-j7c9-v4gr
- Affects: github.com/containers/image
- Published: Apr 14, 2021
- Modified: May 20, 2024
The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials.
Affected Packages
-
PathGo VersionsSymbols
-
before v2.0.2-0.20190802080134-634605d06e73+incompatible
Aliases
References
- https://github.com/containers/image/pull/669
- https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
- https://github.com/containers/image/issues/654
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
- https://vuln.go.dev/ID/GO-2021-0081.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.