CVE-2024-24579
Path traversal in github.com/anchore/stereoscope
CVSS 3.1: 5.3 MEDIUM
EPSS: 0.07%
Description
It is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory.
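An added example, not stereoscope's code or its fix: a pre-extraction check that lists tar entries whose name or link target would resolve outside the unpack directory, which is the condition the description refers to. `EscapingEntries` and `sampleArchive` are hypothetical names, the archive is constructed in memory, and Go 1.20 or later is assumed for `filepath.IsLocal` and `tar.ErrInsecurePath`.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"path/filepath"
)

// EscapingEntries returns names of tar entries whose path or link target leaves the unpack root.
func EscapingEntries(r io.Reader) ([]string, error) {
	var bad []string
	tr := tar.NewReader(r)
	for {
		h, err := tr.Next()
		if err == io.EOF {
			return bad, nil
		}
		if err != nil && !errors.Is(err, tar.ErrInsecurePath) { // header is still returned with ErrInsecurePath
			return bad, err
		}
		ok := filepath.IsLocal(h.Name) // rejects absolute names and ".." escapes
		switch h.Typeflag {
		case tar.TypeSymlink: // relative targets resolve from the link's own directory
			ok = ok && !filepath.IsAbs(h.Linkname) && filepath.IsLocal(filepath.Join(filepath.Dir(h.Name), h.Linkname))
		case tar.TypeLink: // hard-link targets are relative to the archive root
			ok = ok && filepath.IsLocal(h.Linkname)
		}
		if !ok {
			bad = append(bad, h.Name)
		}
	}
}

// sampleArchive builds a constructed archive: one benign file, one "../" entry, one escaping symlink.
func sampleArchive() *bytes.Buffer {
	buf := new(bytes.Buffer)
	tw := tar.NewWriter(buf)
	tw.WriteHeader(&tar.Header{Name: "blobs/layer.txt", Typeflag: tar.TypeReg, Mode: 0o644})
	tw.WriteHeader(&tar.Header{Name: "../outside.txt", Typeflag: tar.TypeReg, Mode: 0o644})
	tw.WriteHeader(&tar.Header{Name: "blobs/link", Typeflag: tar.TypeSymlink, Linkname: "../../elsewhere"})
	tw.Close()
	return buf
}

func main() {
	fmt.Println(EscapingEntries(sampleArchive()))
}
```

The check is purely lexical, so it should run before any entry is written; an archive with a non-empty result is rejected rather than partially extracted.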
How to fix CVE-2024-24579
To remediate CVE-2024-24579, upgrade the affected package to a fixed version listed below.
- Go/github.com/anchore/stereoscope—upgrade to 0.0.1 or later
- —upgrade to 0.0.1 or later
Is CVE-2024-24579 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.0.1
- from 0, < 0.0.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L |