commit | dee947d0775e2302013da34d105078a346e06126 | [log] [tgz] |
---|---|---|
author | renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> | Mon Aug 19 11:17:21 2024 +0000 |
committer | GitHub <noreply@github.com> | Mon Aug 19 11:17:21 2024 +0000 |
tree | eb9c36c37bf269bf87f8a0bdd8fef059f83c3c71 | |
parent | f2ad2894ac834108993ce654784634d4134ce0d1 [diff] |

chore(deps): update module github.com/containers/image/v5 to v5.30.1 [security] (#1743)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| github.com/containers/image/v5 | v5.30.0 -> v5.30.1 | | | | |

Warning: Some dependencies could not be looked up. Check the warning logs for more information.

GitHub Vulnerability Alerts

CVE-2024-3727

A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Release Notes

containers/image (github.com/containers/image/v5)

v5.30.1

Compare Source

This fixes CVE-2024-3727.

Digest values used throughout this library were not always validated. That allowed attackers to trigger, when pulling untrusted images, unexpected authenticated registry accesses on behalf of a victim user.

In less common uses of this library (using other transports or not using the containers/image/v5/copy.Image API), an attacker could also trigger local path traversals or crashes.

Configuration

- 📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
- 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
- ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
- 🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

If you have any questions or want to discuss Atmosphere, you can join the community:
You'll need to make sure that you have pre-commit set up and installed in your environment by running these commands::
pre-commit install --hook-type commit-msg