MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file `index.py`, there is a method that is vulnerable to a path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. So it is possible for an attacker to manipulate the file being read by assigning a value containing to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. There are no known workarounds for this vulnerability.

Stereoscope is a Go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory.
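
The `filename` handling described for MSS, as an added example that is not MSS's own code: the unchecked join beside a resolver that refuses any path outside the base directory. The function names, directory layout and sample values are constructed for illustration; only `filename` and `_file` come from the advisory text.

```python
import os
import tempfile


def resolve_unsafe(base_dir, filename):
    # Pattern the advisory describes: the route value is joined straight
    # into the path, so parent-directory segments or an absolute path win.
    _file = os.path.join(base_dir, filename)
    return os.path.normpath(_file)


def resolve_safe(base_dir, filename):
    """Return the real path of filename under base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    _file = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, _file]) != base:
        return None
    return _file


def demo():
    """Build a constructed directory tree and resolve sample route values."""
    root = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(root, "docs")  # hypothetical served directory
    os.makedirs(os.path.join(base, "guide"))
    with open(os.path.join(base, "guide", "intro.md"), "w") as fh:
        fh.write("public\n")
    with open(os.path.join(root, "settings.cfg"), "w") as fh:
        fh.write("private\n")  # file that must stay unreachable

    # Constructed inputs: a normal value, a relative escape, an absolute path.
    samples = ["guide/intro.md", "../settings.cfg",
               os.path.join(root, "settings.cfg")]
    results = {}
    for name in samples:
        unsafe = resolve_unsafe(base, name)
        results[name] = {
            "unsafe_escapes": not unsafe.startswith(base + os.sep),
            "safe": resolve_safe(base, name),
        }
    return root, base, results


if __name__ == "__main__":
    for name, outcome in demo()[2].items():
        print(name, outcome)
```

The absolute-path sample matters because `os.path.join` discards the base directory when the second argument is absolute, so stripping `..` segments alone is not a sufficient check.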