blob: ea785fe756a416a32e2f13349b97665184f5eb30 [file] [log] [blame]
id: GO-2022-1159
modules:
- module: github.com/containers/podman/v4
versions:
- introduced: 4.1.0-rc1
vulnerable_at: 4.3.1
packages:
- package: github.com/containers/podman/v4/pkg/bindings/images
symbols:
- Build
- nTar
summary: Path traversal in github.com/containers/podman/v4
description: |-
The local path and the lowest subdirectory may be disclosed due to incorrect
absolute path traversal, resulting in an impact to confidentiality.
cves:
- CVE-2022-4123
ghsas:
- GHSA-rprg-4v7q-87v7
credits:
- Sage McTaggart
references:
- report: https://bugzilla.redhat.com/show_bug.cgi?id=2144989
- web: https://github.com/containers/podman/pull/13531
review_status: REVIEWED