A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.
{ "nvd_published_at": "2022-03-03T22:15:00Z", "severity": "HIGH", "github_reviewed_at": "2022-03-18T23:23:02Z", "github_reviewed": true, "cwe_ids": [ "CWE-22" ] }