Lucene search

6 matches found

Snyk
added 2025/10/27 9:42 p.m. | views: 1

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the com.docker.compose.extends or com.docker.compose.envfile annotations in remote OCI artifact layers. An attacker can escape the intended cache directory and overwrite arbitrary files on the host system by...

CVSS 8.9 | AI score 7.7 | EPSS 0.00044
Exploits: 0 | References: 2

Cvelist
added 2025/10/27 8:37 p.m. | views: 3

CVE-2025-62725 Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

CVSS 8.9 | EPSS 0.00044
Exploits: 0 | References: 2

OSV
added 2025/10/27 8:19 p.m. | views: 2

GHSA-GV8H-7V7W-R22Q Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

CVSS 8.9 | AI score 6.8 | EPSS 0.00044
Exploits: 0 | References: 4

Github Security Blog
added 2024/04/30 9:39 a.m. | views: 26

CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

CVSS 7.2 | AI score 7.2 | EPSS 0.00369
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2024/04/30 9:39 a.m. | views: 20

GHSA-2CGQ-H8XW-2V5J CRI-O vulnerable to an arbitrary systemd property injection

Impact On CRI-O, it looks like an arbitrary systemd property can be injected via a Pod annotation: --- apiVersion: v1 kind: Pod metadata: name: poc-arbitrary-systemd-property-injection annotations: I believe that ExecStart with an arbitrary command works here too, but I haven't figured out how to...

CVSS 7.2 | AI score 7.1 | EPSS 0.00369
Exploits: 0 | References: 7

OSV
added 2023/10/19 7:33 a.m. | views: 6

SUSE-SU-2023:4124-1 Security update for helm

This update for helm fixes the following issues: helm was updated to version 3.13.1: Fixing precedence issue with the import of values. Add missing with clause to release gh action FIX Default ServiceAccount yaml fixregistry: unswallow error remove useless print during prepareUpgrade fixregistry:...

CVSS 7.8 | AI score 8.4 | EPSS 0.00226
Exploits: 1 | References: 6