Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:golang/github.com/opencontainers/image-spec@1.0.2
Typegolang
Namespacegithub.com/opencontainers
Nameimage-spec
Version1.0.2
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-dbme-xuy9-pyec
vulnerability_id VCID-dbme-xuy9-pyec
summary 
Clarify `mediaType` handling
### Impact
In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index.

### Patches
The Image Specification will be updated to recommend that both manifest and index documents contain a `mediaType` field to identify the type of document.
Release [v1.0.2](https://github.com/opencontainers/image-spec/releases/tag/v1.0.2) includes these updates.

### Workarounds
Software attempting to deserialize an ambiguous document may reject the document if it contains both “manifests” and “layers” fields or “manifests” and “config” fields.

### References
https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m

### For more information
If you have any questions or comments about this advisory:
* Open an issue in https://github.com/opencontainers/image-spec
* Email us at [security@opencontainers.org](mailto:security@opencontainers.org)
* https://github.com/opencontainers/image-spec/commits/v1.0.2
references
0
reference_url https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/distribution-spec/security/advisories/GHSA-mc8v-mgrf-8f4m
1
reference_url https://github.com/opencontainers/image-spec
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/image-spec
2
reference_url https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/image-spec/commit/693428a734f5bab1a84bd2f990d92ef1111cd60c
3
reference_url https://github.com/opencontainers/image-spec/releases/tag/v1.0.2
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/image-spec/releases/tag/v1.0.2
4
reference_url https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
reference_id
reference_type
scores
0
value 3.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh
fixed_packages
0
url pkg:golang/github.com/opencontainers/image-spec@1.0.2
purl pkg:golang/github.com/opencontainers/image-spec@1.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/opencontainers/image-spec@1.0.2
aliases GHSA-77vh-xpmg-72qh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dbme-xuy9-pyec
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:golang/github.com/opencontainers/image-spec@1.0.2