Lucene search
K

4 matches found

OSV
OSV
added 2026/02/02 9:5 p.m.6 views

GO-2026-4391 malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction in github.com/chainguard-dev/malcontent

malcontent vulnerable to symlink Path Traversal via handleSymlink argument confusion in archive extraction in github.com/chainguard-dev/malcontent...

5.5CVSS5.3AI score0.00167EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/29 9:12 p.m.5 views

CVE-2026-24846 malcontent's archive extraction could write outside extraction directory

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...

5.5CVSS5.9AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/29 9:12 p.m.6 views

EUVD-2026-4947

malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...

5.5CVSS5.9AI score0.00167EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/29 12:0 a.m.5 views

PT-2026-5354

Name of the Vulnerable Software and Affected Versions malcontent versions 1.8.0 through 1.20.2 Description malcontent may allow for the creation of symlinks outside the intended extraction directory when scanning specially crafted tar or deb archives. This occurs because the handleSymlink functio...

5.5CVSS5.9AI score0.00167EPSS
Exploits0References11
Rows per page
Query Builder