CVE-2021-41087

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in go/github.com/in-toto/in-toto-golang

Identifier

CVE-2021-41087

Package Slug

go/github.com/in-toto/in-toto-golang

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

in-toto-golang is a Go implementation of the in-toto framework to protect software supply chain integrity. within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout.

Affected Versions

All versions before 0.3.0

Solution

Upgrade to version v0.3.1 or above.

Last Modified

2021-10-10
