skopeo vulnerabilities

Known vulnerabilities in the skopeo package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
M Information Exposure	<2:1.14.5-3.module+el8.10.0+90449+0b7c8529
M Directory Traversal	<2:1.14.5-3.module+el8.10.0+90449+0b7c8529
H Link Following	<2:1.14.5-3.module+el8.10.0+90429+ee702c5c
H Directory Traversal	<2:1.14.5-3.module+el8.10.0+90429+ee702c5c
H Improper Input Validation	<2:1.14.5-3.module+el8.10.0+90429+ee702c5c
H CVE-2024-34155	<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17
H CVE-2024-34156	<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17
H CVE-2024-34158	<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17
M CVE-2024-24791	<2:1.14.5-3.module+el8.10.0+90412+9b361f34
M CVE-2024-24788	<2:1.14.5-3.module+el8.10.0+90412+9b361f34
H CVE-2024-24789	<2:1.14.5-3.module+el8.10.0+90384+a78ffc57
H CVE-2023-45290	<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17
M CVE-2024-24783	<2:1.14.5-3.module+el8.10.0+90412+9b361f34
H Memory Leak	<2:1.14.5-3.module+el8.10.0+90384+a78ffc57
H CVE-2024-37298	<2:1.14.5-3.module+el8.10.0+90384+a78ffc57
M CVE-2024-24784	<2:1.14.5-3.module+el8.10.0+90412+9b361f34
H Improper Validation of Integrity Check Value	<2:1.14.5-3.module+el8.10.0+90384+a78ffc57
H Information Exposure Through Log Files	<2:1.14.5-3.module+el8.10.0+90384+a78ffc57
M CVE-2024-28176	<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74
M CVE-2024-28180	<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74
H CVE-2024-24786	<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74
M Information Exposure	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M Improper Certificate Validation	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M Open Redirect	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M Improper Validation of Integrity Check Value	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M CVE-2021-33198	<2:1.14.5-3.module+el8.10.0+90449+0b7c8529
M Improper Check for Unusual or Exceptional Conditions	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
H Link Following	<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74
M CVE-2023-39326	<2:1.6.2-9.module+el8.9.0+90165+ead7974e
M Information Exposure	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
H Exposure of Resource to Wrong Sphere	<2:1.6.2-9.module+el8.9.0+90148+6046e3c3
M Allocation of Resources Without Limits or Throttling	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M Resource Exhaustion	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
H CVE-2022-41715	<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74
M Cross-site Scripting (XSS)	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
H HTTP Request Smuggling	<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74
M Cross-site Scripting (XSS)	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M CVE-2023-39321	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M Allocation of Resources Without Limits or Throttling	<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d
M Arbitrary Code Injection	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M Integer Overflow or Wraparound	<2:1.6.2-8.module+el8.9.0+90044+a34bc939
M Resource Exhaustion	<2:1.6.2-8.module+el8.9.0+90044+a34bc939
M Allocation of Resources Without Limits or Throttling	<2:1.6.2-8.module+el8.9.0+90044+a34bc939
M Resource Exhaustion	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M Incorrect Authorization	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M CVE-2023-24540	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M Cross-site Scripting (XSS)	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M CVE-2022-41723	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M Resource Exhaustion	<2:1.6.2-8.module+el8.9.0+90044+a34bc939
M Interpretation Conflict	<2:1.6.2-9.module+el8.9.0+90086+8f2d6fb1
M Allocation of Resources Without Limits or Throttling	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M Arbitrary Code Injection	<2:1.13.3-1.module+el8.9.0+90021+ce997450
M Arbitrary Code Injection	<2:1.13.3-1.module+el8.9.0+90021+ce997450
H Use of Incorrectly-Resolved Name or Reference	<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64
H Link Following	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
H Improper Preservation of Permissions	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Time-of-check Time-of-use (TOCTOU)	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Allocation of Resources Without Limits or Throttling	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Placement of User into Incorrect Group	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Race Condition	<2:1.9.2-1.module+el8.7.0+20873+328b8baa
L Placement of User into Incorrect Group	<2:1.9.3-1.module+el8.7.0+20877+e0f9ac15
M Incorrect Default Permissions	<2:1.6.2-5.module+el8.7.0+20872+81cbf159
M Access of Resource Using Incompatible Type ('Type Confusion')	<2:1.9.2-1.module+el8.7.0+20873+328b8baa
M CVE-2022-27191	<2:1.6.2-5.module+el8.7.0+20872+81cbf159
M CVE-2022-27664	<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64
M CVE-2022-32189	<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64
M Allocation of Resources Without Limits or Throttling	<1:1.2.4-2.0.1.module+el8.7.0+20785+0180d035
M Uncontrolled Recursion	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Uncontrolled Recursion	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M CVE-2022-32148	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Uncontrolled Recursion	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Uncontrolled Recursion	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M HTTP Request Smuggling	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Uncontrolled Recursion	<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64
M Uncontrolled Recursion	<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64
M Uncontrolled Recursion	<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c
M Use of Insufficiently Random Values	<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64
M Incorrect Default Permissions	<1:1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f
M Allocation of Resources Without Limits or Throttling	<1:1.2.4-2.0.1.module+el8.7.0+20785+0180d035
H Improper Privilege Management	<2:1.6.1-2.module+el8.6.0+20656+53f7e955
H Incorrect Default Permissions	<2:1.6.1-2.module+el8.6.0+20656+53f7e955
H Incorrect Default Permissions	<2:1.6.1-2.module+el8.6.0+20656+53f7e955
M Improper Cross-boundary Removal of Sensitive Data	<1:0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d
M Improper Locking	<1:1.4.2-0.1.0.1.module+el8.5.0+20416+d687fed7
M Origin Validation Error	<1:1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
M NULL Pointer Dereference	<1:1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb
H Race Condition	<1:1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae
H Incorrect Authorization	<1:0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d
M Improper Cross-boundary Removal of Sensitive Data	<1:1.2.0-9.0.1.module+el8.3.1+9659+c1901784
M CVE-2020-10749	<1:1.1.1-3.0.1.module+el8.3.0+7866+f387f528
M Out-of-bounds Read	<1:1.1.1-3.0.1.module+el8.3.0+7866+f387f528
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:1.1.1-3.0.1.module+el8.3.0+7866+f387f528
M Use After Free	<1:1.0.0-1.0.1.module+el8.2.1+7658+86e51d52
H Directory Traversal	<1:0.1.40-9.0.1.module+el8.2.0+7618+3a616245
M Use of Incorrectly-Resolved Name or Reference	<1:0.1.40-10.0.1.module+el8.2.0+5584+b2b2d3fb
M Files or Directories Accessible to External Parties	<1:0.1.40-10.0.1.module+el8.2.0+5584+b2b2d3fb
M Resource Exhaustion	<1:0.1.40-10.0.1.module+el8.2.0+5584+b2b2d3fb
H Buffer Overflow	<1:0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6
H Out-of-bounds Write	<1:0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6
H Incorrect Authorization	<1:0.1.37-6.0.1.module+el8.1.0+5460+5d763c32
H Improper Handling of Exceptional Conditions	<1:0.1.32-5.0.2.git1715c90.module+el8.1.0+5440+42cffa37
H Insufficiently Protected Credentials	<1:0.1.37-5.0.2.module+el8.1.0+5440+994fc847
H Allocation of Resources Without Limits or Throttling	<1:0.1.32-6.0.1.git1715c90.module+el8.1.0+5459+24f6812a
H Resource Exhaustion	<1:0.1.32-6.0.1.git1715c90.module+el8.1.0+5459+24f6812a
H OS Command Injection	<1:0.1.32-3.0.2.git1715c90.module+el8.0.0+5215+77f672ad

Vulnerability

Vulnerable Version

Information Exposure

<2:1.14.5-3.module+el8.10.0+90449+0b7c8529

Directory Traversal

<2:1.14.5-3.module+el8.10.0+90449+0b7c8529

Link Following

<2:1.14.5-3.module+el8.10.0+90429+ee702c5c

Directory Traversal

<2:1.14.5-3.module+el8.10.0+90429+ee702c5c

Improper Input Validation

<2:1.14.5-3.module+el8.10.0+90429+ee702c5c

CVE-2024-34155

<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17

CVE-2024-34156

<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17

CVE-2024-34158

<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17

CVE-2024-24791

<2:1.14.5-3.module+el8.10.0+90412+9b361f34

CVE-2024-24788

<2:1.14.5-3.module+el8.10.0+90412+9b361f34

CVE-2024-24789

<2:1.14.5-3.module+el8.10.0+90384+a78ffc57

CVE-2023-45290

<2:1.14.5-3.module+el8.10.0+90416+5b0f6a17

CVE-2024-24783

<2:1.14.5-3.module+el8.10.0+90412+9b361f34

Memory Leak

<2:1.14.5-3.module+el8.10.0+90384+a78ffc57

CVE-2024-37298

<2:1.14.5-3.module+el8.10.0+90384+a78ffc57

CVE-2024-24784

<2:1.14.5-3.module+el8.10.0+90412+9b361f34

Improper Validation of Integrity Check Value

<2:1.14.5-3.module+el8.10.0+90384+a78ffc57

Information Exposure Through Log Files

<2:1.14.5-3.module+el8.10.0+90384+a78ffc57

CVE-2024-28176

<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74

CVE-2024-28180

<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74

CVE-2024-24786

<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74

Information Exposure

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Improper Certificate Validation

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Open Redirect

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Improper Validation of Integrity Check Value

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

CVE-2021-33198

<2:1.14.5-3.module+el8.10.0+90449+0b7c8529

Improper Check for Unusual or Exceptional Conditions

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Link Following

<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74

CVE-2023-39326

<2:1.6.2-9.module+el8.9.0+90165+ead7974e

Information Exposure

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Exposure of Resource to Wrong Sphere

<2:1.6.2-9.module+el8.9.0+90148+6046e3c3

Allocation of Resources Without Limits or Throttling

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Resource Exhaustion

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

CVE-2022-41715

<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74

Cross-site Scripting (XSS)

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

HTTP Request Smuggling

<2:1.14.3-2.module+el8.10.0+90337+0d7b6e74

Cross-site Scripting (XSS)

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

CVE-2023-39321

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Allocation of Resources Without Limits or Throttling

<2:1.14.3-0.1.module+el8.10.0+90298+77a9814d

Arbitrary Code Injection

<2:1.13.3-1.module+el8.9.0+90021+ce997450

Integer Overflow or Wraparound

<2:1.6.2-8.module+el8.9.0+90044+a34bc939

Resource Exhaustion

<2:1.6.2-8.module+el8.9.0+90044+a34bc939

Allocation of Resources Without Limits or Throttling

<2:1.6.2-8.module+el8.9.0+90044+a34bc939

Resource Exhaustion

<2:1.13.3-1.module+el8.9.0+90021+ce997450

Incorrect Authorization

<2:1.13.3-1.module+el8.9.0+90021+ce997450

CVE-2023-24540

<2:1.13.3-1.module+el8.9.0+90021+ce997450

Cross-site Scripting (XSS)

<2:1.13.3-1.module+el8.9.0+90021+ce997450

CVE-2022-41723

<2:1.13.3-1.module+el8.9.0+90021+ce997450

Resource Exhaustion

<2:1.6.2-8.module+el8.9.0+90044+a34bc939

Interpretation Conflict

<2:1.6.2-9.module+el8.9.0+90086+8f2d6fb1

Allocation of Resources Without Limits or Throttling

<2:1.13.3-1.module+el8.9.0+90021+ce997450

Arbitrary Code Injection

<2:1.13.3-1.module+el8.9.0+90021+ce997450

Arbitrary Code Injection

<2:1.13.3-1.module+el8.9.0+90021+ce997450

Use of Incorrectly-Resolved Name or Reference

<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64

Link Following

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Improper Preservation of Permissions

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Time-of-check Time-of-use (TOCTOU)

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Allocation of Resources Without Limits or Throttling

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Placement of User into Incorrect Group

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Race Condition

<2:1.9.2-1.module+el8.7.0+20873+328b8baa

Placement of User into Incorrect Group

<2:1.9.3-1.module+el8.7.0+20877+e0f9ac15

Incorrect Default Permissions

<2:1.6.2-5.module+el8.7.0+20872+81cbf159

Access of Resource Using Incompatible Type ('Type Confusion')

<2:1.9.2-1.module+el8.7.0+20873+328b8baa

CVE-2022-27191

<2:1.6.2-5.module+el8.7.0+20872+81cbf159

CVE-2022-27664

<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64

CVE-2022-32189

<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64

Allocation of Resources Without Limits or Throttling

<1:1.2.4-2.0.1.module+el8.7.0+20785+0180d035

Uncontrolled Recursion

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Uncontrolled Recursion

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

CVE-2022-32148

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Uncontrolled Recursion

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Uncontrolled Recursion

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

HTTP Request Smuggling

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Uncontrolled Recursion

<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64

Uncontrolled Recursion

<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64

Uncontrolled Recursion

<2:1.6.2-6.module+el8.8.0+20984+ab6ce66c

Use of Insufficiently Random Values

<2:1.11.2-0.2.module+el8.8.0+21045+adcb6a64

Incorrect Default Permissions

<1:1.2.4-1.0.1.module+el8.6.0+20652+6ea35e6f

Allocation of Resources Without Limits or Throttling

<1:1.2.4-2.0.1.module+el8.7.0+20785+0180d035

Improper Privilege Management

<2:1.6.1-2.module+el8.6.0+20656+53f7e955

Incorrect Default Permissions

<2:1.6.1-2.module+el8.6.0+20656+53f7e955

Incorrect Default Permissions

<2:1.6.1-2.module+el8.6.0+20656+53f7e955

Improper Cross-boundary Removal of Sensitive Data

<1:0.1.41-4.0.1.module+el8.5.0+20355+d36cb39d

Improper Locking

<1:1.4.2-0.1.0.1.module+el8.5.0+20416+d687fed7

Origin Validation Error

<1:1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb

NULL Pointer Dereference

<1:1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb

Race Condition

<1:1.2.2-7.0.1.module+el8.4.0+20196+91e9c2ae

Incorrect Authorization

<1:0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d

Improper Cross-boundary Removal of Sensitive Data

<1:1.2.0-9.0.1.module+el8.3.1+9659+c1901784

CVE-2020-10749

<1:1.1.1-3.0.1.module+el8.3.0+7866+f387f528

Out-of-bounds Read

<1:1.1.1-3.0.1.module+el8.3.0+7866+f387f528

Loop with Unreachable Exit Condition ('Infinite Loop')

<1:1.1.1-3.0.1.module+el8.3.0+7866+f387f528

Use After Free

<1:1.0.0-1.0.1.module+el8.2.1+7658+86e51d52

Directory Traversal

<1:0.1.40-9.0.1.module+el8.2.0+7618+3a616245

Use of Incorrectly-Resolved Name or Reference

<1:0.1.40-10.0.1.module+el8.2.0+5584+b2b2d3fb

Files or Directories Accessible to External Parties

<1:0.1.40-10.0.1.module+el8.2.0+5584+b2b2d3fb

Resource Exhaustion

<1:0.1.40-10.0.1.module+el8.2.0+5584+b2b2d3fb

Buffer Overflow

<1:0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6

Out-of-bounds Write

<1:0.1.40-8.0.1.module+el8.1.1+5502+fbec5cc6

Incorrect Authorization

<1:0.1.37-6.0.1.module+el8.1.0+5460+5d763c32

Improper Handling of Exceptional Conditions

<1:0.1.32-5.0.2.git1715c90.module+el8.1.0+5440+42cffa37

Insufficiently Protected Credentials

<1:0.1.37-5.0.2.module+el8.1.0+5440+994fc847

Allocation of Resources Without Limits or Throttling

<1:0.1.32-6.0.1.git1715c90.module+el8.1.0+5459+24f6812a

Resource Exhaustion

<1:0.1.32-6.0.1.git1715c90.module+el8.1.0+5459+24f6812a

OS Command Injection

<1:0.1.32-3.0.2.git1715c90.module+el8.0.0+5215+77f672ad

skopeo vulnerabilities

Direct Vulnerabilities

How to fix?