Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Stereoscope
(Anchore)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 1 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-01-31 | CVE-2024-24579 | stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level... | Stereoscope | 9.8 |