Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Buildah 路径遍历漏洞
Vulnerability Description
Buildah是一款支持构建OCI容器映像的工具。 Buildah 1.14.5之前版本中存在路径遍历漏洞。攻击者可借助特制URL利用该漏洞将文件写入到用户系统中用户权限所允许的位置。
CVSS Information
N/A
Vulnerability Type
N/A