CVE-2021-21272
CVE-2021-21272 affects ORAS prior to 0.9.0, where the archive extraction feature (zip-slip via directory support) can write/overwrite files outside the target directory when processing crafted tarballs. This impacts ORAS CLI users running oras pull or Go programs using github.com/deislabs/oras/pk...