CVE-2021-3762
published 2022-03-03CVE-2021-3762: A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | quay_claircore | >= 0 < 0.4.8 | 0.4.8 |
| github.com | quay_claircore | >= 0 < 1.1.0 | 1.1.0 |
| github.com | quay_claircore | >= 0.5.0 < 0.5.5 | 0.5.5 |
| github.com | quay_claircore | >= 1.0.0 < 1.1.0 | 1.1.0 |
| quay | claircore | — | — |
| redhat | clair | >= 0.4.6 < 0.4.8 | 0.4.8 |
| redhat | clair | >= 0.5.3 < 0.5.5 | 0.5.5 |
| redhat | quay | — | — |