GO-2021-0081

Source
https://pkg.go.dev/vuln/GO-2021-0081
Import Source
https://vuln.go.dev/ID/GO-2021-0081.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2021-0081
Aliases
Published
2021-04-14T20:04:52Z
Modified
2024-05-20T16:03:47Z
Summary
Insufficiently Protected Credentials in github.com/containers/image
Details

The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2021-0081"
}
References

Affected packages

Go / github.com/containers/image

Package

Name
github.com/containers/image
View open source insights on deps.dev
Purl
pkg:golang/github.com/containers/image

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.2-0.20190802080134-634605d06e73+incompatible

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/containers/image/docker",
            "symbols": [
                "CheckAuth",
                "GetRepositoryTags",
                "Image.GetRepositoryTags",
                "NewReference",
                "ParseReference",
                "SearchRegistry",
                "dockerClient.getBearerToken",
                "dockerImageDestination.PutBlob",
                "dockerImageDestination.PutManifest",
                "dockerImageDestination.PutSignatures",
                "dockerImageDestination.SupportsSignatures",
                "dockerImageDestination.TryReusingBlob",
                "dockerImageSource.GetBlob",
                "dockerImageSource.GetManifest",
                "dockerImageSource.GetSignatures",
                "dockerReference.DeleteImage",
                "dockerReference.NewImage",
                "dockerReference.NewImageDestination",
                "dockerReference.NewImageSource",
                "dockerReference.PolicyConfigurationIdentity",
                "dockerTransport.ParseReference"
            ]
        }
    ]
}