Go modules package
github.com/devfile/registry-support/registry-library
pkg:golang/github.com/devfile/registry-support/registry-library
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-1485 | Hig | 8.0 | < 0.0.0-20240206 | 0.0.0-20240206 | Feb 14, 2024 | A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup p |
- affected < 0.0.0-20240206fixed 0.0.0-20240206
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup p