Arbitrary File Overwrite

2019-10-2909:34:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

48.3%

JSON

github.com/containers/libpod is vulnerable to arbitrary file overwrite. The vulnerability exists as it does not properly perform symlink processing and wild-card characters parsing, allowing for overwriting of existing files when an undesired glob operation occurs.

CPENameOperatorVersion
github.com/containers/libpodeqHEAD
github.com/containers/libpodle1.5.1

CPE	Name	Operator	Version
	github.com/containers/libpod	eq	HEAD
	github.com/containers/libpod	le	1.5.1

References

access.redhat.com/errata/RHSA-2019:4269

bugzilla.redhat.com/show_bug.cgi?id=1744588

github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e

github.com/containers/libpod/compare/v1.5.1...v1.6.0

github.com/containers/libpod/issues/3829

0.001 Low

EPSS

Percentile

48.3%

JSON

Related for VERACODE:21788