CVE-2024-1485 in registry-supportinformazioni

Riassunto

di MITRE • 14/02/2024

A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsabile

Red Hat, Inc.

Prenotare

13/02/2024

Divulgazione

14/02/2024

Moderazione

accettato

CPE

pronto

EPSS

0.00942

KEV

no

Attività

molto basso

Fonti

Do you know our Splunk app?

Download it now for free!