GMS-2021-175: Ambiguous OCI manifest parsing
In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header.
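The check below is an added example, not code from containerd or the OCI projects: it shows how a client can refuse to guess a document's type, using the fact (from the referenced OCI advisories) that the ambiguous case is a document carrying both a "manifests" and a "layers" field. It covers more than the header-less case by also rejecting a body "mediaType" or Content-Type that disagrees with the document's shape. Assumptions: the helper name Classify and the error names are hypothetical, only the two OCI media types are handled, and the Content-Type value is passed without parameters.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Media types from the OCI Image Specification.
const (
	TypeManifest = "application/vnd.oci.image.manifest.v1+json"
	TypeIndex    = "application/vnd.oci.image.index.v1+json"
)
var ErrAmbiguous = errors.New("need exactly one of manifests or layers")
var ErrMismatch = errors.New("declared media type disagrees with document")

// probe decodes only the fields that tell a manifest from an index.
type probe struct {
	MediaType string          `json:"mediaType"`
	Manifests json.RawMessage `json:"manifests"`
	Layers    json.RawMessage `json:"layers"`
}

// Classify (hypothetical helper) returns the one type a document may be
// treated as. contentType is the HTTP header value, "" when absent.
func Classify(body []byte, contentType string) (string, error) {
	var p probe
	if err := json.Unmarshal(body, &p); err != nil {
		return "", err
	}
	isIndex, isManifest := len(p.Manifests) > 0, len(p.Layers) > 0
	if isIndex == isManifest {
		return "", ErrAmbiguous // both present (the advisory's case) or neither
	}
	shape := TypeManifest
	if isIndex {
		shape = TypeIndex
	}
	for _, declared := range []string{p.MediaType, contentType} {
		if declared != "" && declared != shape {
			return "", ErrMismatch
		}
	}
	return shape, nil
}

func main() { // constructed sample carrying both fields
	fmt.Println(Classify([]byte(`{"manifests":[{}],"layers":[{}]}`), ""))
}
```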
References
- github.com/advisories/GHSA-5j5w-g665-5m35
- github.com/containerd/containerd/releases/tag/v1.4.12
- github.com/containerd/containerd/releases/tag/v1.5.8
- github.com/containerd/containerd/security/advisories/GHSA-5j5w-g665-5m35
- github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
- github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh