Vulnerability Report: GO-2022-0230

CVE-2021-20206, GHSA-xjqr-g762-pxwp
Affects: github.com/containernetworking/cni
Published: Jul 01, 2022
Modified: Jun 12, 2023

The FindInPath function is vulnerable to directory traversal attacks, potentially permitting attackers to execute arbitrary binaries. This function does not sanitize its plugin parameter, so parameter names containing "../" or other such elements may reference arbitrary locations on the filesystem.

Affected Packages

Path

Versions

Symbols
github.com/containernetworking/cni/pkg/invoke

before v0.8.1
5 affected symbols

Aliases

CVE-2021-20206
GHSA-xjqr-g762-pxwp

References

https://github.com/containernetworking/cni/pull/808
https://bugzilla.redhat.com/show_bug.cgi?id=1919391
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMCONTAINERNETWORKINGCNIPKGINVOKE-1070549
https://vuln.go.dev/ID/GO-2022-0230.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL