CVE-2025-5981

Sažetak

Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBR's unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.

Reference

https://github.com/google/osv-scalibr/commit/2444419b1818c2d6917fc3394c947fb3276e9d59
https://github.com/google/osv-scalibr/releases/tag/v0.1.8

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

18-06-2025 - 13:46

Objavljeno

18-06-2025 - 09:15