| id: GO-2022-0346 |
| modules: |
| - module: github.com/quay/claircore |
| versions: |
| - fixed: 1.1.0 |
| vulnerable_at: 1.1.0-rc.0 |
| packages: |
| - package: github.com/quay/claircore/rpm |
| symbols: |
| - Scanner.Scan |
| summary: Path traversal in github.com/quay/claircore |
| description: |- |
| A maliciously crafted RPM file can cause the Scanner.Scan function to write |
| files with arbitrary contents to arbitrary locations on the local filestem. |
| published: 2022-07-15T23:30:27Z |
| cves: |
| - CVE-2021-3762 |
| ghsas: |
| - GHSA-mq47-6wwv-v79w |
| references: |
| - fix: https://github.com/quay/claircore/pull/478 |
| - fix: https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821 |
| review_status: REVIEWED |