Type Confusion Affecting github.com/containers/image/v5/manifest Open this link in a new tab package, versions <5.17.0
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
How to fix?
A fix was pushed into the
master branch but not yet published.
github.com/containers/image/v5/manifest is a package that works with containers' images.
Affected versions of this package are vulnerable to Type Confusion. Documents that contain both “manifests” and “layers” fields can be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changes between two pulls of the same digest, a client may interpret the resulting content differently.