VulnerableCode Package Details - pkg:alpm/archlinux/containerd@1.5.8-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-e4bk-d465-juhk	Clarify Content-Type handling ### Impact In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. ### Patches The OCI Distribution Specification will be updated to require that a `mediaType` value present in a manifest or index match the Content-Type header used during the push and pull operations. ### Workarounds Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields. ### References https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/opencontainers/distribution-spec/ * Email us at security@opencontainers.org	CVE-2021-41190 GHSA-mc8v-mgrf-8f4m

Vulnerability

Summary

Aliases

VCID-e4bk-d465-juhk

Clarify Content-Type handling ### Impact In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both “manifests” and “layers” fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. ### Patches The OCI Distribution Specification will be updated to require that a `mediaType` value present in a manifest or index match the Content-Type header used during the push and pull operations. ### Workarounds Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both “manifests” and “layers” fields or “manifests” and “config” fields. ### References https://github.com/opencontainers/image-spec/security/advisories/GHSA-77vh-xpmg-72qh ### For more information If you have any questions or comments about this advisory: * Open an issue in https://github.com/opencontainers/distribution-spec/ * Email us at security@opencontainers.org

CVE-2021-41190
GHSA-mc8v-mgrf-8f4m

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T18:26:29.628770+00:00	Arch Linux Importer	Fixing	VCID-e4bk-d465-juhk	https://security.archlinux.org/AVG-2573	38.0.0

2026-04-01T18:26:29.628770+00:00

Arch Linux Importer

Fixing

VCID-e4bk-d465-juhk

https://security.archlinux.org/AVG-2573

38.0.0