Advisory Database
  • Advisories
  • Dependency Scanning
  1. golang
  2. ›
  3. github.com/containerd/containerd
  4. ›
  5. GMS-2021-175

GMS-2021-175: Ambiguous OCI manifest parsing

November 18, 2021

In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header.

References

  • github.com/advisories/GHSA-5j5w-g665-5m35
  • github.com/containerd/containerd/releases/tag/v1.4.12
  • github.com/containerd/containerd/releases/tag/v1.5.8
  • github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35
  • github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
  • github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh

Code Behaviors & Features

Detect and mitigate GMS-2021-175 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions before 1.4.12, all versions starting from 1.5.0 before 1.5.8

Fixed versions

  • 1.4.12
  • 1.5.8

Solution

Upgrade to versions 1.4.12, 1.5.8 or above.

Source file

go/github.com/containerd/containerd/GMS-2021-175.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Wed, 14 May 2025 12:15:06 +0000.