Type Confusion Affecting github.com/containers/image/v5/manifest Open this link in a new tab package, versions <5.17.0


0.0
low
  • Attack Complexity

    High

  • User Interaction

    Required

  • Scope

    Changed

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-GOLANG-GITHUBCOMCONTAINERSIMAGEV5MANIFEST-1922834

  • published

    19 Nov 2021

  • disclosed

    18 Nov 2021

  • credit

    Unknown

How to fix?

Upgrade github.com/containers/image/v5/manifest to version 5.17.0 or higher.

Overview

github.com/containers/image/v5/manifest is a package that works with containers' images.

Affected versions of this package are vulnerable to Type Confusion. Documents that contain both “manifests” and “layers” fields can be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changes between two pulls of the same digest, a client may interpret the resulting content differently.