4 matches found
CVE-2024-1485 vulnerabilities
Vulnerabilities for packages: gitlab-rails-ce, gitlab-rails-ce-fips...
CVE-2024-1485
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-14 01:21:38+00:00 | seen | https://t.me/ctinow/184345 |
| 2025-03-13 00:43:13+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/7390 |
| 2025-05-12 23:29:29+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/16... |
CVE-2024-1485
CVE-2024-1485 affects the registry-support library’s decompression logic. An unauthenticated attacker can trick a user into parsing a devfile that uses the parent or plugin keywords, causing the decompressor to extract archives with relative paths that write outside the intended scope. This can l...
CVE-2024-1485
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the parent or plugin keywords. This could download a malicious archive and cause the cleanup process to overwrite o...