A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
Metrics
Affected Vendors & Products
References
History
Mon, 21 Oct 2024 20:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Devfile
Devfile registry-support Redhat openshift Developer Tools And Services |
|
Weaknesses | CWE-22 | |
CPEs | cpe:2.3:a:devfile:registry-support:*:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift:4.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:openshift_developer_tools_and_services:-:*:*:*:*:*:*:* |
|
Vendors & Products |
Devfile
Devfile registry-support Redhat openshift Developer Tools And Services |
Fri, 27 Sep 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2024-02-13T23:31:14.427Z
Updated: 2024-11-06T14:50:04.605Z
Reserved: 2024-02-13T21:47:23.979Z
Link: CVE-2024-1485
Vulnrichment
Updated: 2024-08-01T18:40:21.236Z
NVD
Status : Modified
Published: 2024-02-14T00:15:46.783
Modified: 2024-11-21T08:50:41.090
Link: CVE-2024-1485
Redhat