reports/GO-2021-0081.toml - vuln - Git at Google

 module = "github.com/containers/image"
 package = "github.com/containers/image/docker"

 description = """
 The HTTP client used to connect to the container registry authorization
 service explicitly disables TLS verification, allowing an attacker that
 is able to MITM the connection to steal credentials.
 """

 cve = "CVE-2019-10214"

 symbols = ["dockerClient.getBearerToken"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 introduced = ""
 fixed = "v2.0.2-0.20190802080134-634605d06e73+incompatible"

 [links]
 commit = "https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf"
 pr = "https://github.com/containers/image/pull/669"
 context = [
     "https://github.com/containers/image/issues/654",
     "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214"
 ]
	module = "github.com/containers/image"
	package = "github.com/containers/image/docker"

	description = """
	The HTTP client used to connect to the container registry authorization
	service explicitly disables TLS verification, allowing an attacker that
	is able to MITM the connection to steal credentials.
	"""

	cve = "CVE-2019-10214"

	symbols = ["dockerClient.getBearerToken"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	introduced = ""
	fixed = "v2.0.2-0.20190802080134-634605d06e73+incompatible"

	[links]
	commit = "https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf"
	pr = "https://github.com/containers/image/pull/669"
	context = [
	"https://github.com/containers/image/issues/654",
	"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214"
	]