A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

Affected Packages

Go github.com/containers/image

Affected versions: 0 (fixed in 5.30.1)

Go github.com/containers/image/v5

Affected versions: 5.30.0 (fixed in 5.30.1)

Go github.com/containers/image/v5

Affected versions: 0 (fixed in 5.29.3)

Related CVEs

CVE-2024-3727

Key Information

GHSA ID

GHSA-6wvf-f2vw-3425

Published

May 14, 2024 6:30 PM

Last Modified

February 25, 2025 6:39 PM

CVSS Score

7.5 /10

Primary Ecosystem

Primary Package

github.com/containers/image

GitHub Reviewed

✓ Yes

Dataset

Last updated: June 18, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.