CVE-2021-3762: CVE-2021-3762

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-3762

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

对路径名的限制不恰当(路径遍历)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Clair 路径遍历漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Clair是一个开源项目。用于对应用程序容器（目前包括Oci和Docker）中的漏洞进行静态分析。 Clair 存在路径遍历漏洞，该漏洞源于在 Clair 的 ClairCore 引擎中发现了一个目录遍历漏洞。攻击者可以通过提供精心制作的容器映像来利用这一点，当 Clair 扫描该映像时，允许在文件系统上写入任意文件，从而可能允许远程代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	quay/claircore	Affects v0.4.6 and higher, v0.5.3 and higher \| Fixedin claircore v0.4.8, v0.5.5.	-

II. Public POCs for CVE-2021-3762

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-3762

Please Login to view more intelligence information

https://github.com/quay/claircore/commit/691f2023a1720a0579e688b69a2f4bfe1f4b7821x_refsource_MISC
https://github.com/quay/clair/pull/1380x_refsource_MISC
https://vulmon.com/exploitdetails?qidtp=maillist_oss_security&qid=d19fce9ede06e13dfb5630ece7f14f83x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=2000795x_refsource_MISC
https://github.com/quay/clair/pull/1379x_refsource_MISC
https://github.com/quay/claircore/pull/478x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-3762

IV. Related Vulnerabilities

Same vendor: n/a

Same weakness: CWE-22

V. Comments for CVE-2021-3762

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2021-3762

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-3762

III. Intelligence Information for CVE-2021-3762

IV. Related Vulnerabilities

V. Comments for CVE-2021-3762

Leave a comment