3 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the verifyBlob in the Model Pull API that improperly verifies manifest containing both config and layer digests. An attacker can access internal resources or services by sending crafted requests...
CVE-2025-24882 regclient may ignore pinned manifest digests
regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1...
GO-2024-3038 In regclient, pinned manifest digests may be ignored in github.com/regclient/regclient
In regclient, pinned manifest digests may be ignored in github.com/regclient/regclient...