GO-2021-0081
- Source
- https://pkg.go.dev/vuln/GO-2021-0081
- Import Source
- https://vuln.go.dev/ID/GO-2021-0081.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2021-0081
- Aliases
- Published
- 2021-04-14T20:04:52Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Insufficiently Protected Credentials in github.com/containers/image
- Details
-
The HTTP client used to connect to the container registry authorization service explicitly disables TLS verification, allowing an attacker that is able to MITM the connection to steal credentials.
- References
Affected packages
Go / github.com/containers/image
Package
- Name
- github.com/containers/image
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/containers/image
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.0.2-0.20190802080134-634605d06e73+incompatible
Ecosystem specific
{
"imports": [
{
"path": "github.com/containers/image/docker",
"symbols": [
"CheckAuth",
"GetRepositoryTags",
"Image.GetRepositoryTags",
"NewReference",
"ParseReference",
"SearchRegistry",
"dockerClient.getBearerToken",
"dockerImageDestination.PutBlob",
"dockerImageDestination.PutManifest",
"dockerImageDestination.PutSignatures",
"dockerImageDestination.SupportsSignatures",
"dockerImageDestination.TryReusingBlob",
"dockerImageSource.GetBlob",
"dockerImageSource.GetManifest",
"dockerImageSource.GetSignatures",
"dockerReference.DeleteImage",
"dockerReference.NewImage",
"dockerReference.NewImageDestination",
"dockerReference.NewImageSource",
"dockerReference.PolicyConfigurationIdentity",
"dockerTransport.ParseReference"
]
}
]
}