blob: 3aeb965e2483358b578aaa093fc88e8164afa539 [file] [log] [blame]
module: github.com/openshift/source-to-image
package: github.com/openshift/source-to-image/pkg/tar
versions:
- fixed: v1.1.10-0.20180427153919-f5cbcbc5cc6f
description: |
Due to improper path santization, archives containing relative file
paths can cause files to be written (or overwritten) outside of the
target directory.
cves:
- CVE-2018-1103
symbols:
- stiTar.ExtractTarStreamFromTarReader
- stiTar.extractLink
- New
derived_symbols:
- stiTar.ExtractTarStream
- stiTar.ExtractTarStreamWithLogging
links:
commit: https://github.com/openshift/source-to-image/commit/f5cbcbc5cc6f8cc2f479a7302443bea407a700cb
context:
- https://snyk.io/research/zip-slip-vulnerability