Container
Monthly
Path traversal in the ArchiveReader.extractContents() function used by container image load operations allows local attackers to write arbitrary files to any user-writable location on the system by crafting malicious archives with relative pathnames. Public exploit code exists for this vulnerability, and affected users cannot currently patch as fixes are only available in container 0.8.0 and containerization 0.21.0. The vulnerability requires local access and user interaction but carries high severity due to potential for file overwrite and system compromise.
Path traversal in the ArchiveReader.extractContents() function used by container image load operations allows local attackers to write arbitrary files to any user-writable location on the system by crafting malicious archives with relative pathnames. Public exploit code exists for this vulnerability, and affected users cannot currently patch as fixes are only available in container 0.8.0 and containerization 0.21.0. The vulnerability requires local access and user interaction but carries high severity due to potential for file overwrite and system compromise.