VDB
GHSA-5J5W-G665-5M35
GHSA-5J5W-G665-5M35
PUBLISHED
CVSS 8.600000381469727 HIGH
Ambiguous OCI manifest parsing
Risk Scores
CVSS 4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | containerd/containerd | 0, 1.5.0, 1.5.0 |
| Go | github.com/containerd/containerd | 1.5.0, 0 |
| github.com | containerd/containerd | 1.5.0, 0, 1.5.0 |
Timeline
- Nov 18, 2021 CVE Published
- Mar 30, 2023 CVE Updated
References
- https://github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35 url
- https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m url
- https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh url
- https://github.com/containerd/containerd product
- GitHub Advisory GHSA-5j5w-g665-5m35 vendor-advisory
- https://github.com/containerd/containerd/commit/26c76a3014e71af5ad2f396ec76e0e0ecc8e25a3 url
- https://github.com/containerd/containerd/commit/db00065a969a983ceb0a409833f93f705f284ea4 url
- https://github.com/containerd/containerd/releases/tag/v1.4.12 url
- https://github.com/containerd/containerd/releases/tag/v1.5.8 url