CVE-2021-3762

Published
View on NVD ↗
CVSS v3
9.8
CRITICAL
CVSS v2
7.5
HIGH
Affected
2
PROJECTS

Description

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

quay/clair
quay/clair
Vulnerability Static Analysis for Containers
GitHubGitHub
11K
quay/claircore
quay/claircore
foundation modules for scanning container packages and reporting vulnerabilities
GitHubGitHub
151