CVE-2021-3762

Summary

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

Affected Software

VendorProductVersion RangeStatus
n/aquay/claircore`Affects v0.4.6 and higher, v0.5.3 and higherFixedin claircore v0.4.8, v0.5.5.`

Weaknesses

  • CWE-22: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADP Enrichment

CVE Program Container

Additional References

References