A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
References
Configurations
No configuration.
History
22 Feb 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Feb 2024, 23:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.0 |
21 Feb 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.3 |
Summary |
|
|
Summary | (en) A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed. |
15 Feb 2024, 05:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope. |
14 Feb 2024, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-14 00:15
Updated : 2024-02-22 01:15
NVD link : CVE-2024-1485
Mitre link : CVE-2024-1485
CVE.ORG link : CVE-2024-1485
JSON object : View
Products Affected
No product.
CWE
CWE-23
Relative Path Traversal