漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
melange creates SBOM files in APKs with world-writable permissions
Vulnerability Description
melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Vulnerability Type
缺省权限不正确
Vulnerability Title
melange 安全漏洞
Vulnerability Description
melange是Chainguard开源的一个从源代码构建APK的软件。 melange 0.23.0至0.29.5之前版本存在安全漏洞,该漏洞源于SBOM文件权限设置不当,可能导致篡改攻击。
CVSS Information
N/A
Vulnerability Type
N/A