Advisories for Golang/Github.com/Opencontainers/Distribution-Spec/Specs-Go package

2021

Access of Resource Using Incompatible Type ('Type Confusion')

The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If …