SecBoard
Zurück zur CVE-Übersicht

CVE-2026-50151

HIGH(7.5)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Risk Signal Score29/100 — MITTEL
  • CVSS 7.5 — Hoch
  • Weniger als 24 Stunden alt

Beschreibung

oras-go is a Go library for managing OCI artifacts. Prior to 2.6.1, registry/remote/repository.go in blobStore.completePushAfterInitialPost follows a registry-controlled Location header during monolithic blob upload and reuses the Authorization header from the initial POST request for the subsequent PUT request, allowing a malicious registry to return a cross-host Location and receive the caller's credentials at an attacker-controlled endpoint. This issue is fixed in version 2.6.1.

GitHub Advisories

GHSA-jxpm-75mh-9fp7HIGH

oras-go blob upload vulnerable to credential forwarding via unvalidated Location header

go/oras.land/oras-go/v22.6.1
GitHub Advisory

Referenzen