A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-02-13T23:31:14.427Z
Updated: 2024-09-09T19:59:33.982Z
Reserved: 2024-02-13T21:47:23.979Z
Link: CVE-2024-1485
Vulnrichment
Updated: 2024-08-01T18:40:21.236Z
NVD
Status : Awaiting Analysis
Published: 2024-02-14T00:15:46.783
Modified: 2024-02-22T01:15:07.980
Link: CVE-2024-1485
Redhat