Path Traversal in Buildah
High severity
GitHub Reviewed
Published
May 18, 2021
to the GitHub Advisory Database
•
Updated Dec 12, 2024
Description
Reviewed
May 7, 2021
Published to the GitHub Advisory Database
May 18, 2021
Last updated
Dec 12, 2024
A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions.
Specific Go Packages Affected
github.com/containers/buildah/imagebuildah
References