An attacker may trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-2842" }
{ "imports": [ { "path": "github.com/containers/image/v5/copy", "symbols": [ "Image", "copier.createProgressBar", "imageCopier.copyConfig", "imageCopier.copyLayer" ] }, { "path": "github.com/containers/image/v5/directory", "symbols": [ "dirImageDestination.PutBlobWithOptions", "dirImageDestination.PutManifest", "dirImageDestination.PutSignaturesWithFormat", "dirImageDestination.TryReusingBlobWithOptions", "dirImageSource.GetBlob", "dirImageSource.GetManifest", "dirImageSource.GetSignaturesWithFormat", "dirReference.NewImage" ] }, { "path": "github.com/containers/image/v5/docker", "symbols": [ "GetRepositoryTags", "Image.GetRepositoryTags", "deleteImage", "dockerClient.fetchManifest", "dockerClient.getBlob", "dockerClient.getExtensionsSignatures", "dockerClient.getSigstoreAttachmentManifest", "dockerImageDestination.PutBlobWithOptions", "dockerImageDestination.PutManifest", "dockerImageDestination.PutSignaturesWithFormat", "dockerImageDestination.TryReusingBlobWithOptions", "dockerImageDestination.blobExists", "dockerImageDestination.putSignaturesToLookaside", "dockerImageDestination.putSignaturesToSigstoreAttachments", "dockerImageSource.GetBlob", "dockerImageSource.GetBlobAt", "dockerImageSource.GetManifest", "dockerImageSource.GetSignaturesWithFormat", "dockerImageSource.getSignaturesFromLookaside", "dockerReference.DeleteImage", "dockerReference.NewImage", "dockerReference.NewImageSource", "lookasideStorageURL", "sigstoreAttachmentTag" ] }, { "path": "github.com/containers/image/v5/docker/internal/tarfile", "symbols": [ "Destination.PutBlobWithOptions", "Destination.PutManifest", "Writer.configPath", "Writer.ensureManifestItemLocked", "Writer.ensureSingleLegacyLayerLocked", "Writer.physicalLayerPath", "Writer.writeLegacyMetadataLocked" ] }, { "path": "github.com/containers/image/v5/openshift", "symbols": [ "openshiftImageDestination.PutBlobWithOptions", "openshiftImageDestination.PutManifest", "openshiftImageDestination.TryReusingBlobWithOptions", "openshiftImageSource.GetBlob", "openshiftImageSource.GetManifest", "openshiftImageSource.GetSignaturesWithFormat", "openshiftReference.NewImage" ] }, { "path": "github.com/containers/image/v5/ostree", "symbols": [ "ostreeImageDestination.Commit", "ostreeImageDestination.TryReusingBlobWithOptions", "ostreeImageSource.GetBlob" ] }, { "path": "github.com/containers/image/v5/pkg/blobcache", "symbols": [ "BlobCache.HasBlob", "BlobCache.NewImage", "BlobCache.blobPath", "BlobCache.findBlob", "blobCacheDestination.PutBlobWithOptions", "blobCacheDestination.PutManifest", "blobCacheDestination.TryReusingBlobWithOptions", "blobCacheDestination.saveStream", "blobCacheSource.GetBlob", "blobCacheSource.GetBlobAt", "blobCacheSource.GetManifest", "blobCacheSource.LayerInfosForCopy" ] }, { "path": "github.com/containers/image/v5/storage", "symbols": [ "ResolveReference", "manifestBigDataKey", "signatureBigDataKey", "storageImageDestination.Commit", "storageImageDestination.PutBlobWithOptions", "storageImageDestination.TryReusingBlobWithOptions", "storageImageDestination.tryReusingBlobAsPending", "storageImageSource.GetManifest", "storageImageSource.GetSignaturesWithFormat", "storageImageSource.LayerInfosForCopy", "storageReference.DeleteImage", "storageReference.NewImage", "storageReference.NewImageSource", "storageTransport.GetImage", "storageTransport.GetStoreImage" ] } ] }