14 matches found
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...
Improper Cleanup on Thrown Exception
Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception when cleaning up tmp files. Temporary storage can be exhausted during the scanning process by an attacker providing large or highly compressed artifacts, leading to the accumulation of temporary file...
CVE-2024-24579
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
GO-2024-2490 Path traversal in github.com/anchore/stereoscope
It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory...
Path Traversal
github.com/anchore/stereoscope is vulnerable to Path Traversal. The vulnerability due to the UntarToDirectory function lacking file path validation to ensure the contained files are within the restricted path, allowing an attacker to write files to arbitrary locations when stereoscope decompresse...
GHSA-HPXR-W9W7-G4GV stereoscope vulnerable to tar path traversal when processing OCI tar archives
Impact It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of github.com/anchore/stereoscope/pkg/file.UntarToDirectory function, the...
stereoscope vulnerable to tar path traversal when processing OCI tar archives
Impact It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of github.com/anchore/stereoscope/pkg/file.UntarToDirectory function, the...
CVE-2024-24579
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
Design/Logic Flaw
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
CVE-2024-24579 Tar path traversal in stereoscope when processing OCI tar archives
stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary director...
CVE-2024-24579
The set of documents identifies a path-traversal vulnerability in the Go library stereoscope (containers/image processing). Specifically, the CVE-2024-24579 entry describes a flaw prior to v0.0.1 where crafting an OCI tar archive can cause writes to paths outside the unarchive temporary directory...
PT-2024-20466 · Unknown · Stereoscope
Name of the Vulnerable Software and Affected Versions: stereoscope versions prior to 0.0.1 Description: It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. This issue is...
stereoscope path traversal vulnerability
stereoscope is a library for working with container image contents, layer file trees, and compressed file trees. A path traversal vulnerability exists in stereoscope versions prior to 0.0.1, which stems from an attempt by Stereoscope to unarchive content that will result in writing to a path...