A maliciously crafted RPM file can cause the Scanner.Scan function to write files with arbitrary contents to arbitrary locations on the local filesystem.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0346" }
{ "imports": [ { "symbols": [ "Scanner.Scan" ], "path": "github.com/quay/claircore/rpm" } ] }