Medium severity6.1NVD Advisory· Published Jun 12, 2018· Updated Jun 17, 2026
CVE-2018-1103
CVE-2018-1103
Description
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/openshift/source-to-imageGo | < 1.1.10-0.20180427153919-f5cbcbc5cc6f | 1.1.10-0.20180427153919-f5cbcbc5cc6f |
Affected products
2- ghsa-coordsRange: < 1.1.10-0.20180427153919-f5cbcbc5cc6f
- Openshift Enterprise/unsanitized paths in tar.gov5Range: source-to-image 1.1.10
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-w55j-f7vx-6q37ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-1103ghsaADVISORY
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingWEB
- github.com/openshift/source-to-image/commit/f5cbcbc5cc6f8cc2f479a7302443bea407a700cbghsaWEB
- github.com/openshift/source-to-image/pull/870ghsaWEB
- hansmi.ch/articles/2018-04-openshift-s2i-securityghsaWEB
- pkg.go.dev/vuln/GO-2020-0026ghsaWEB
- snyk.io/research/zip-slip-vulnerabilityghsaWEB
News mentions
0No linked articles in our index yet.