WS-2021-0427

Good to know:

Date: November 18, 2021

In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type header as trusted and deserialize the document according to that header. If the Content-Type header changed between pulls of the same ambiguous document (with the same digest), the document may be interpreted differently, meaning that the digest alone is insufficient to unambiguously identify the content of the image.
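The ambiguity described above, as an added example that is not containerd's code or part of the original advisory: a client that picks the document type from Content-Type alone resolves the same bytes to different child digests, and a strict check rejects a document carrying the other type's fields. The sample document, its placeholder digests, and the names `children`, `ref` and `errAmbiguous` are assumptions of this example; the field names and media types come from the OCI Image Specification.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Constructed sample (not a real image): one document carrying manifest
// fields (config, layers) and an index field (manifests).
const ambiguousDoc = `{"schemaVersion":2,"config":{"digest":"sha256:c0"},` +
	`"layers":[{"digest":"sha256:1a"}],"manifests":[{"digest":"sha256:f0"}]}`

const manifestType = "application/vnd.oci.image.manifest.v1+json"
const indexType = "application/vnd.oci.image.index.v1+json"

var errAmbiguous = errors.New("document mixes manifest and index fields")

type ref struct{ Digest string }

// children returns the digests a client fetches next when it picks the type
// from contentType alone; strict rejects documents with the other type's fields.
func children(doc []byte, contentType string, strict bool) ([]string, error) {
	var d struct{ Config *ref; Layers, Manifests []ref }
	if err := json.Unmarshal(doc, &d); err != nil {
		return nil, err
	}
	isIndex := contentType == indexType
	manifestFields := d.Config != nil || len(d.Layers) > 0
	if strict && ((isIndex && manifestFields) || (!isIndex && len(d.Manifests) > 0)) {
		return nil, errAmbiguous
	}
	refs := d.Layers
	if isIndex {
		refs = d.Manifests
	}
	out := []string{}
	for _, r := range refs {
		out = append(out, r.Digest)
	}
	return out, nil
}

func main() {
	for _, ct := range []string{manifestType, indexType} {
		loose, _ := children([]byte(ambiguousDoc), ct, false)
		_, err := children([]byte(ambiguousDoc), ct, true)
		fmt.Println(ct, loose, err)
	}
}
```

Because both interpretations are taken from identical bytes, the digest of the document is the same in each case; only the header differs.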

Language: Go

Severity Score

Weakness Type (CWE)

OS Command Injections

CWE-78

Top Fix

Upgrade Version

Upgrade to version solidus_core - 2.11.12, 3.0.3, 3.1.3

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE
