VYPR

Go modules package

github.com/devfile/registry-support/registry-library

pkg:golang/github.com/devfile/registry-support/registry-library

Vulnerabilities (1)

  • CVE-2024-1485HigFeb 14, 2024
    affected < 0.0.0-20240206fixed 0.0.0-20240206

    A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup p