PT-2023-36301 · Unknown · Distribution

Published: 2023-12-26 · Updated: 2023-12-26

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

distribution versions prior to 2.8.3

Description

The issue is related to several problems in the distribution package, including the parsing of errors as JSON, the handling of HTTP request bodies, and the deprecation of certain functions and packages. The update to version 2.8.3 addresses these issues by passing the BUILDTAGS argument to go build, enabling Go build tags, replacing the deprecated SplitHostname function, and updating to Go 1.20.8. Additionally, the Content-Type header is set in the registry client ReadFrom, and the reference package is deprecated in favor of github.com/distribution/reference. The digestset package is also deprecated in favor of go-digest/digestset.

Recommendations

Update to distribution version 2.8.3 to resolve the issues. As a temporary workaround, consider disabling the ReadFrom function in the registry client until the update is applied. Restrict access to the reference package and migrate to github.com/distribution/reference to minimize the risk of exploitation. Avoid using the digestset package until the update is applied.

Related Identifiers

SUSE-SU-2023:4974-1

Affected Products

Distribution