GO-2024-2979
- Source
- https://pkg.go.dev/vuln/GO-2024-2979
- Import Source
- https://vuln.go.dev/ID/GO-2024-2979.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-2979
- Aliases
- Published
- 2024-07-10T17:05:50Z
- Modified
- 2024-09-06T20:44:16Z
- Summary
- Cache driver GetBlob() allows read access to any blob without access control check in zotregistry.dev/zot
- Details
-
Cache driver GetBlob() allows read access to any blob without access control check in zotregistry.dev/zot.
NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.
(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)
The additional affected modules and versions are: zotregistry.dev/zot before v2.1.0; zotregistry.io/zot before v2.1.0.
- Database specific
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2024-2979" }- References
Affected packages
Go / zotregistry.dev/zot
Package
- Name
- zotregistry.dev/zot
- View open source insights on deps.dev
- Purl
- pkg:golang/zotregistry.dev/zot
Go / zotregistry.io/zot
Package
- Name
- zotregistry.io/zot
- View open source insights on deps.dev
- Purl
- pkg:golang/zotregistry.io/zot