GO-2026-4580

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2026-4580

Import Source

https://vuln.go.dev/ID/GO-2026-4580.json

JSON Data

https://api.osv.dev/v1/vulns/GO-2026-4580

Aliases

Published

2026-03-10T18:28:01Z

Modified

2026-03-23T04:52:46.798505Z

Summary

kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories in github.com/chainguard-dev/kaniko

Details

kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories in github.com/chainguard-dev/kaniko

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2026-4580",
    "review_status": "UNREVIEWED"
}

References

Affected packages

Go / github.com/chainguard-dev/kaniko

Package

Name: github.com/chainguard-dev/kaniko; View open source insights on deps.dev
Purl: pkg:golang/github.com/chainguard-dev/kaniko

Affected ranges

Type: SEMVER
Events: Introduced

1.25.4

Fixed

1.25.10

Database specific

source

"https://vuln.go.dev/ID/GO-2026-4580.json"