PT-2022-10660 · Clair · Clair

Yanir Tsarimi · Published 2022-03-03 · Updated 2023-01-30 · CVE-2021-3762

CVSS v3.1

9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Clair versions (affected versions not specified)

Description

A directory traversal issue in the ClairCore engine allows an attacker to exploit the system by providing a crafted container image. When scanned by Clair, this can lead to arbitrary file write on the filesystem, potentially enabling remote code execution. Additionally, a maliciously crafted RPM file can cause the Scanner.Scan function to write files with arbitrary contents to arbitrary locations on the local filesystem.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2021-3762
GHSA-MQ47-6WWV-V79W
GO-2022-0346

Affected Products

Clair