Vulnerability Report: GO-2024-2842
- Aliases: CVE-2024-3727, GHSA-6wvf-f2vw-3425
- Affects: github.com/containers/image/v5
- Published: May 20, 2024
An attacker may trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-6wvf-f2vw-3425.
Affected Packages
Path, Go Versions, Symbols
- before v5.30.1
- before v5.30.1, 8 unexported affected symbols:
  - dirImageDestination.PutBlobWithOptions
  - dirImageDestination.PutManifest
  - dirImageDestination.PutSignaturesWithFormat
  - dirImageDestination.TryReusingBlobWithOptions
  - dirImageSource.GetBlob
  - dirImageSource.GetManifest
  - dirImageSource.GetSignaturesWithFormat
  - dirReference.NewImage
- before v5.30.1
- before v5.30.1
- before v5.30.1, 7 unexported affected symbols:
  - openshiftImageDestination.PutBlobWithOptions
  - openshiftImageDestination.PutManifest
  - openshiftImageDestination.TryReusingBlobWithOptions
  - openshiftImageSource.GetBlob
  - openshiftImageSource.GetManifest
  - openshiftImageSource.GetSignaturesWithFormat
  - openshiftReference.NewImage
- before v5.30.1, 3 unexported affected symbols:
  - ostreeImageDestination.Commit
  - ostreeImageDestination.TryReusingBlobWithOptions
  - ostreeImageSource.GetBlob
- before v5.30.1
- before v5.30.1
References
- https://github.com/advisories/GHSA-6wvf-f2vw-3425
- https://github.com/containers/image/commit/132678b47bae29c710589012668cb85859d88385
- https://access.redhat.com/security/cve/CVE-2024-3727
- https://bugzilla.redhat.com/show_bug.cgi?id=2274767
- https://github.com/containers/image/releases/tag/v5.30.1
- https://vuln.go.dev/ID/GO-2024-2842.json