Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

How to fix?

Upgrade github.com/opencontainers/image-spec/specs-go/v1 to version 1.0.2 or higher.


Affected versions of this package are vulnerable to Type Confusion. Documents that contain both “manifests” and “layers” fields can be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changes between two pulls of the same digest, a client may interpret the resulting content differently.