id: GO-2022-0346
modules:
- module: github.com/quay/claircore
  versions:
  - fixed: 1.1.0
  vulnerable_at: 1.1.0-rc.0
  packages:
  - package: github.com/quay/claircore/rpm
    symbols:
    - Scanner.Scan
summary: Path traversal in github.com/quay/claircore
description: |-
  A maliciously crafted RPM file can cause the Scanner.Scan function to write
  files with arbitrary contents to arbitrary locations on the local filesystem.
published: 2022-07-15T23:30:27Z
cves:
- CVE-2021-3762
ghsas:
- GHSA-mq47-6wwv-v79w
references:
- fix: https://github.com/quay/claircore/pull/478
- fix: https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821
review_status: REVIEWED