manifest Open this link in a new tab package, versions <v5.17.0

Although NVD CVSS Score is :3 (Medium), when available we recommend using the distro's own rating score.

Social Trends

Trending on Twitter Open this link in a new tab
Attack Complexity

High
User Interaction

Required
Scope

Changed

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-GOLANG-GITHUBCOMCONTAINERSIMAGEMANIFEST-1922833
published

19 Nov 2021
disclosed

18 Nov 2021
credit

Unknown
cwe

CWE-843 Open this link in a new tab
cve

CVE-2021-41190 Open this link in a new tab

Report a new vulnerability Found a mistake?

Introduced: 18 Nov 2021

New CVE-2021-41190 Open this link in a new tab CWE-843 Open this link in a new tab

How to fix?

Upgrade github.com/containers/image/manifest to version v5.17.0 or higher.

Overview

github.com/containers/image/manifest is a package that works with containers' images.

Affected versions of this package are vulnerable to Type Confusion. Documents that contain both “manifests” and “layers” fields can be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changes between two pulls of the same digest, a client may interpret the resulting content differently.

Type Confusion Affecting github.com/containers/image/manifest Open this link in a new tab package, versions <v5.17.0

Social Trends

Attack Complexity

User Interaction

Scope

snyk-id

published

disclosed

credit

cwe

cve

Introduced: 18 Nov 2021

How to fix?

Overview

References