GHSA-6wvf-f2vw-3425

Suggest an improvement
Source
https://github.com/advisories/GHSA-6wvf-f2vw-3425
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-6wvf-f2vw-3425/GHSA-6wvf-f2vw-3425.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6wvf-f2vw-3425
Aliases
Related
Published
2024-05-14T18:30:52Z
Modified
2024-11-12T15:30:32Z
Severity
  • 8.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
Summary
github.com/containers/image allows unexpected authenticated registry accesses
Details

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

References

Affected packages

Go / github.com/containers/image

Package

Name
github.com/containers/image
View open source insights on deps.dev
Purl
pkg:golang/github.com/containers/image

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.30.1

Go / github.com/containers/image/v5

Package

Name
github.com/containers/image/v5
View open source insights on deps.dev
Purl
pkg:golang/github.com/containers/image/v5

Affected ranges

Type
SEMVER
Events
Introduced
5.30.0
Fixed
5.30.1

Go / github.com/containers/image/v5

Package

Name
github.com/containers/image/v5
View open source insights on deps.dev
Purl
pkg:golang/github.com/containers/image/v5

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.29.3