Type Confusion Affecting github.com/containers/image/manifest package, versions <5.17.0
Attack Complexity
High
User Interaction
Required
Scope
Changed
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-GOLANG-GITHUBCOMCONTAINERSIMAGEMANIFEST-1922833
-
published
19 Nov 2021
-
disclosed
18 Nov 2021
-
credit
Unknown
Introduced: 18 Nov 2021
CVE-2021-41190 Open this link in a new tabHow to fix?
Upgrade github.com/containers/image/manifest to version 5.17.0 or higher.
Overview
github.com/containers/image/manifest is a package that works with containers' images.
Affected versions of this package are vulnerable to Type Confusion. Documents that contain both “manifests” and “layers” fields can be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changes between two pulls of the same digest, a client may interpret the resulting content differently.