GHSA-QVQC-4C52-X6QP regclient may leak authentication credentials to external blob stores
Credentials for a registry may be inadvertently leaked to external servers. A prerequisite for this attack is a malicious registry server, a malicious blob store, or a registry that does not restrict the external URLs for foreign blobs. Example attack A malicious registry serves an OCI image...