6 matches found
GHSA-G5V4-5X39-VWHX Zip slip directory exploit in github.com/deislabs/oras
Impact The directory support 55 allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links. A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting...
GO-2021-0099 Zip slip directory exploit in github.com/deislabs/oras
Due to improper path validation, using the github.com/deislabs/oras/pkg/content.FileStore content store may result in directory traversal during archive extraction, allowing a malicious archive to write paths to arbitrary paths that the process can write to...
Deislabs Oras Backlink Vulnerability
Deislabs Oras is a Go-based software from the Deislabs team for pushing OCI packages to the registered end. Deislabs Oras suffers from a backlink vulnerability that can be exploited by an attacker to write or overwrite specific files on a host file system other than the user's...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...
The Safety Boat: Kubernetes and Rust
Our team, DeisLabs, recently released a new piece of software called Krustlet, which is a tool for running WebAssembly modules on the popular, open-source container management tool called Kubernetes. Kubernetes is used quite extensively to run cloud software across many vendors and companies and ...