2 matches found
arr-pm vulnerable to arbitrary shell execution when extracting or listing files contained in a malicious rpm
Impact Arbitrary shell execution is possible when using RPM::Filefiles and RPM::Fileextract if the RPM contains a malicious "payload compressor" field. This vulnerability impacts the extract and files methods of the RPM::File class in the affected versions of this library. Patches Version 0.0.12 ...
GO-2022-0346 Path traversal in github.com/quay/claircore
A maliciously crafted RPM file can cause the Scanner.Scan function to write files with arbitrary contents to arbitrary locations on the local filestem...