CVE-2024-0406

SOURCE - github

Summary

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

EPSS Score⁠: 0.00044 (0.111)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

SOURCE - github

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

SOURCE - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

SOURCE - redhat

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.