4 matches found
GO-2026-4391 malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction in github.com/chainguard-dev/malcontent
malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction in github.com/chainguard-dev/malcontent...
CVE-2026-24846 malcontent's archive extraction could write outside extraction directory
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
EUVD-2026-4947
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
PT-2026-5354
Name of the Vulnerable Software and Affected Versions malcontent versions 1.8.0 through 1.20.2 Description malcontent may allow for the creation of symlinks outside the intended extraction directory when scanning specially crafted tar or deb archives. This occurs because the handleSymlink functio...