Filtered by vendor Devfile
Subscriptions
Filtered by product Registry-support
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-1485 | 2 Devfile, Redhat | 4 Registry-support, Ocp Tools, Openshift and 1 more | 2024-11-21 | 8 High |
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed. |
Page 1 of 1.