CNNVD-202601-4859 Information
CNNVD ID
CNNVD-202601-4859
Related CVE
-
CNNVD Published: 2026-01-29
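Description (translated from Chinese)
malcontent is an open-source supply chain attack detection tool from Chainguard. Versions of malcontent before 1.20.3 contain a security vulnerability, which stems from the fact that scanning a specially crafted tar or deb archive may create symbolic links outside the intended extraction directory.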
Description (English)
malcontent is an open-source supply chain attack detection tool from Chainguard. Versions of malcontent before 1.20.3 contain a security vulnerability: scanning a specially crafted tar or deb archive may create symbolic links outside the intended extraction directory.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Chainguard
Published
2026-01-29
Last Modified
2026-02-24
References
https://github.com/chainguard-dev/malcontent/commit/259fca5abc004f3ab238895463ef280a87f30e96
https://github.com/chainguard-dev/malcontent/commit/a7dd8a5328ddbaf235568437813efa7591e00017
https://github.com/chainguard-dev/malcontent/security/advisories/GHSA-923j-vrcg-hxwh
Patch
https://gitlab.freedesktop.org/pwithnall/malcontent