OSV-SCALIBR Path Traversal Vulnerability Leading to Arbitrary File Write

Vulnerability

A path traversal vulnerability exists in OSV-SCALIBR's container image unpacking code. When OSV-SCALIBR is invoked with the CLI flag --remote-image against an untrusted container image, a crafted image can cause files to be written to arbitrary locations on the host, with the privileges of the user running OSV-SCALIBR.
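The following Go program is an added illustration written for this page; it is not OSV-SCALIBR's code, and the function names (extract, safeJoin, insideRoot, maliciousLayer) and the constructed tar archive are assumptions. It shows the general shape of a tar-unpacking path traversal: an entry whose name contains ".." is joined to the extraction root without a containment check, so filepath.Join silently produces a path above the root and the write lands outside it. The strict mode adds the check a hardened extractor needs, for both file names and symlink targets.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"os"
	"path/filepath"
	"strings"
)

// ErrPathTraversal is returned when an entry would resolve outside the extraction root.
var ErrPathTraversal = errors.New("archive entry escapes extraction root")

// insideRoot reports whether path (already cleaned) lies at or below root.
func insideRoot(root, path string) bool {
	rel, err := filepath.Rel(root, path)
	return err == nil && rel != ".." && !strings.HasPrefix(rel, ".."+string(os.PathSeparator))
}

// safeJoin resolves an entry name under root and rejects names that escape it.
// filepath.Join cleans its result, so "../x" silently collapses into a path
// above root; the containment check afterwards is what makes this safe.
func safeJoin(root, name string) (string, error) {
	root = filepath.Clean(root)
	target := filepath.Join(root, name)
	if !insideRoot(root, target) {
		return "", fmt.Errorf("%w: %q", ErrPathTraversal, name)
	}
	return target, nil
}

// extract unpacks a tar stream under root. strict=false reproduces the classic
// bug: hdr.Name is trusted as-is. strict=true validates every file path and
// symlink target before touching the filesystem.
func extract(r io.Reader, root string, strict bool) error {
	root = filepath.Clean(root)
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil
		}
		if err != nil {
			return err
		}
		target := filepath.Join(root, hdr.Name) // vulnerable: no containment check
		if strict {
			if target, err = safeJoin(root, hdr.Name); err != nil {
				return err
			}
		}
		switch hdr.Typeflag {
		case tar.TypeDir:
			err = os.MkdirAll(target, 0o755)
		case tar.TypeReg:
			if err = os.MkdirAll(filepath.Dir(target), 0o755); err == nil {
				var f *os.File
				if f, err = os.OpenFile(target, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o644); err == nil {
					_, err = io.Copy(f, tr)
					f.Close()
				}
			}
		case tar.TypeSymlink:
			// A link pointing above root lets a later entry write through it.
			link := hdr.Linkname
			if !filepath.IsAbs(link) {
				link = filepath.Join(filepath.Dir(target), link)
			}
			if strict && !insideRoot(root, link) {
				return fmt.Errorf("%w: symlink %q -> %q", ErrPathTraversal, hdr.Name, hdr.Linkname)
			}
			err = os.Symlink(hdr.Linkname, target)
		}
		if err != nil {
			return err
		}
	}
}

// maliciousLayer builds a constructed tar (not a real image layer): one benign
// file plus one entry whose name climbs above the extraction root.
func maliciousLayer() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, e := range [][2]string{{"etc/os-release", "ID=example\n"}, {"../escaped.txt", "outside root\n"}} {
		hdr := &tar.Header{Name: e[0], Typeflag: tar.TypeReg, Mode: 0o644, Size: int64(len(e[1]))}
		if err := tw.WriteHeader(hdr); err != nil {
			panic(err)
		}
		tw.Write([]byte(e[1]))
	}
	tw.Close()
	return buf.Bytes()
}

func main() {
	tmp, _ := os.MkdirTemp("", "unpack-demo-*")
	defer os.RemoveAll(tmp)
	err := extract(bytes.NewReader(maliciousLayer()), filepath.Join(tmp, "layer"), true)
	fmt.Println("strict extraction result:", err) // reports ErrPathTraversal for ../escaped.txt
}
```

The containment check here is lexical: it catches ".." segments and absolute names, and symlinks whose target lies above the root. It does not defend against writing through a symlinked parent directory that an earlier entry created inside the root; a complete extractor also needs to resolve the parent (for example with filepath.EvalSymlinks, or by opening files relative to an os.Root on Go 1.24 and later) before creating each entry.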

Impact

Exploitation allows arbitrary file writes on the host as the user running OSV-SCALIBR, which could overwrite critical system files or plant files in sensitive locations. Because the write carries the invoking user's privileges, scans run as root widen the impact accordingly.

Remediation

Update to OSV-SCALIBR version 0.1.8 or later, which fixes this issue. Releases are published on the GitHub Releases page for the OSV-SCALIBR repository. Until upgraded, do not pass untrusted container images to --remote-image.

Added: Jun 18, 2025, 9:18 AM
Updated: Jun 18, 2025, 9:18 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 4.0
remediation: 0.0
relevance: 0.2
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to derive these eight vulnerability categories, which are then combined into the overall risk score.