data/reports/GO-2022-0346.yaml - vulndb - Git at Google

 id: GO-2022-0346
 modules:
     - module: github.com/quay/claircore
       versions:
         - fixed: 1.1.0
       vulnerable_at: 1.1.0-rc.0
       packages:
         - package: github.com/quay/claircore/rpm
           symbols:
             - Scanner.Scan
 summary: Path traversal in github.com/quay/claircore
 description: |-
     A maliciously crafted RPM file can cause the Scanner.Scan function to write
     files with arbitrary contents to arbitrary locations on the local filestem.
 published: 2022-07-15T23:30:27Z
 cves:
     - CVE-2021-3762
 ghsas:
     - GHSA-mq47-6wwv-v79w
 references:
     - fix: https://github.com/quay/claircore/pull/478
     - fix: https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821
 review_status: REVIEWED
	id: GO-2022-0346
	modules:
	- module: github.com/quay/claircore
	versions:
	- fixed: 1.1.0
	vulnerable_at: 1.1.0-rc.0
	packages:
	- package: github.com/quay/claircore/rpm
	symbols:
	- Scanner.Scan
	summary: Path traversal in github.com/quay/claircore
	description: \|-
	A maliciously crafted RPM file can cause the Scanner.Scan function to write
	files with arbitrary contents to arbitrary locations on the local filestem.
	published: 2022-07-15T23:30:27Z
	cves:
	- CVE-2021-3762
	ghsas:
	- GHSA-mq47-6wwv-v79w
	references:
	- fix: https://github.com/quay/claircore/pull/478
	- fix: https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821
	review_status: REVIEWED