quay/claircore on GitHub
foundation modules for scanning container packages and reporting vulnerabilities
CVE History
CVE | Published | CVSS v2 | CVSS v3 |
---|---|---|---|
CVE-2021-3762 | 9.8 CRITICAL | 7.5 HIGH | |
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. |