Vulnerability Report: GO-2022-0230

CVE-2021-20206, GHSA-xjqr-g762-pxwp
Affects: github.com/containernetworking/cni
Published: Jul 01, 2022
Modified: May 20, 2024

The FindInPath function is vulnerable to directory traversal attacks, potentially permitting attackers to execute arbitrary binaries. This function does not sanitize its plugin parameter, so parameter names containing "../" or other such elements may reference arbitrary locations on the filesystem.

Affected Packages

Path

Go Versions

Symbols
github.com/containernetworking/cni/pkg/invoke

before v0.8.1
5 affected symbols

Aliases

CVE-2021-20206
GHSA-xjqr-g762-pxwp

References

https://github.com/containernetworking/cni/pull/808
https://bugzilla.redhat.com/show_bug.cgi?id=1919391
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549
https://vuln.go.dev/ID/GO-2022-0230.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL