CVE-2024-0406

SOURCE - github

Summary

A flaw was discovered in the mholt/archiver package. It allows an attacker to create a specially crafted tar file which, when unpacked, may allow access to restricted files or directories. This issue can allow files to be created or overwritten with the privileges of the user or application using the library.

EPSS Score: 0.00044 (0.111)

Common Weakness Enumeration (CWE)

SOURCE - nist

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

SOURCE - github

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

SOURCE - gitlab

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')


NIST

CREATED


UPDATED



EXPLOITABILITY SCORE

1.8


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1 (medium)

GitHub

CREATED


UPDATED



EXPLOITABILITY SCORE

1.8


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1 (medium)

GoLang

CREATED


UPDATED



EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

GitLab

CREATED


UPDATED


SOURCE ID

CVE-2024-0406


EXPLOITABILITY SCORE

1.8


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1 (medium)

Red Hat

CREATED


UPDATED



EXPLOITABILITY SCORE

1.8


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)

CVSS SCORE

6.1 (medium)

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-55pr-9882-vgv5


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-5rc5-xj4h-cjrv


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-6p96-qff9-wmqm


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-f9fw-4v87-xm62


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-hrv2-593j-5xx2


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-m5hf-w83m-p7mx


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-mqjp-fwh2-h735


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-rh9h-g56c-vxq8


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-w4pj-7pv6-3fg6


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE

Chainguard

CREATED


UPDATED


SOURCE ID

CGA-76gw-vx4w-rpmm


EXPLOITABILITY SCORE

-


EXPLOITS FOUND
-

COMMON WEAKNESS ENUMERATION (CWE)
-
RATING UNAVAILABLE FROM SOURCE