[GO-2022-0230] Improper limitation of path name in github.com/containernetworking/cni
Severity
High
Affected Packages
1
Fixed Packages
1
CVEs
1
The FindInPath function is vulnerable to directory traversal attacks,
potentially permitting attackers to execute arbitrary binaries.
This function does not sanitize its plugin parameter, so parameter names
containing "../" or other such elements may reference arbitrary locations on the
filesystem.
Package | Affected Version |
---|---|
pkg:golang/github.com/containernetworking/cni/pkg/invoke | >= 0.8.0, < 0.8.1 |
Package | Fixed Version |
---|---|
pkg:golang/github.com/containernetworking/cni/pkg/invoke | = 0.8.1 |
- ID
- GO-2022-0230
- Severity
- high
- Severity from
- CVE-2021-20206
- URL
- https://pkg.go.dev/vuln/GO-2022-0230
- Published
-
2022-08-12T17:19:52
(2 years ago) - Modified
-
2024-05-14T19:19:00
(4 months ago) - Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
Security Advisory | https://github.com/advisories/GHSA-xjqr-g762-pxwp |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Fixed | pkg:golang/github.com/containernetworking/cni/pkg/invoke | github.com/containernetworking/cni/pkg | invoke | = 0.8.1 | |||
Affected | pkg:golang/github.com/containernetworking/cni/pkg/invoke | github.com/containernetworking/cni/pkg | invoke | >= 0.8.0 < 0.8.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |