CVE-2021-41190LOW≥ 0, < 1.0.12021-11-18
CVE-2021-41190 [LOW] CWE-843 Clarify Content-Type handling
Clarify Content-Type handling
### Impact
In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the sam
ghsaosv