Vulnerability Report: GO-2024-2490
- CVE-2024-24579, GHSA-hpxr-w9w7-g4gv
- Affects: github.com/anchore/stereoscope
- Published: Feb 13, 2024
It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory.
For detailed information about this vulnerability, visit https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv.
Affected Packages
-
PathVersionsSymbols
-
before v0.0.1
Aliases
References
- https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv
- https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204
- https://vuln.go.dev/ID/GO-2024-2490.json
Credits
- @wagoodman@joshbressers, @nurmi
Feedback
See anything missing or incorrect?
Suggest an edit to this report.