<p>Upgrade <code>Wolfi</code> <code>kubescape</code> to version 3.0.10-r0 or higher.</p>

Directory Traversal Affecting kubescape package, versions <3.0.10-r0

Snyk CVSS

NVD CVSS Score is not yet available. When available we recommend using the distro's own rating score.

Threat Intelligence

EPSS 0.04% (11^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-WOLFILATEST-KUBESCAPE-6811541
published 7 May 2024
disclosed 6 Apr 2024

Report a new vulnerability Found a mistake?

Introduced: 6 Apr 2024

CVE-2024-0406 Open this link in a new tab CWE-22 Open this link in a new tab

How to fix?

Upgrade Wolfi kubescape to version 3.0.10-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream kubescape package and not the kubescape package as distributed by Wolfi. See How to fix? for Wolfi relevant fixed versions and status.

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.