Filtered by vendor Devfile Subscriptions
Filtered by product Registry-support Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-1485 2 Devfile, Redhat 4 Registry-support, Ocp Tools, Openshift and 1 more 2024-10-22 8 High
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.