WS-2021-0427 (Low) detected in github.com/containerd/containerd/remotes/docker/schema1-df0cc5bd1848625d35fb4c09f0f4e5c694a46fcf #19
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-for-github-com
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2021-0427 - Low Severity Vulnerability
An open and reliable container runtime
Dependency Hierarchy:
Found in HEAD commit: 74c0db1e26014a7f5e115cea39a5b8613c912db7
Found in base branch: master
In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type header as trusted and deserialize the document according to that header. If the Content-Type header changed between pulls of the same ambiguous document (with the same digest), the document may be interpreted differently, meaning that the digest alone is insufficient to unambiguously identify the content of the image.
Publish Date: 2021-11-18
URL: WS-2021-0427
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: Low
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: GHSA-5j5w-g665-5m35
Release Date: 2021-11-18
Fix Resolution: solidus_core - 2.11.12, 3.0.3, 3.1.3
The text was updated successfully, but these errors were encountered: