VulnerableCode Package Details - pkg:deb/debian/golang-github-containers-image@5.10.3-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-52c5-4udv-jydb Aliases: CVE-2024-3727 GHSA-6wvf-f2vw-3425	github.com/containers/image allows unexpected authenticated registry accesses A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.	5.29.3-1 Affected by 0 other vulnerabilities. 5.34.2-1 Affected by 0 other vulnerabilities. 5.39.1-3 Affected by 0 other vulnerabilities. 5.39.2-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-52c5-4udv-jydb
Aliases:
CVE-2024-3727
GHSA-6wvf-f2vw-3425

github.com/containers/image allows unexpected authenticated registry accesses A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.

5.29.3-1
Affected by 0 other vulnerabilities.

5.34.2-1
Affected by 0 other vulnerabilities.

5.39.1-3
Affected by 0 other vulnerabilities.

5.39.2-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-at1e-t3kt-17bg	containers/image library Insufficiently Protects Credentials The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.	CVE-2019-10214 GHSA-85p9-j7c9-v4gr

Vulnerability

Summary

Aliases

VCID-at1e-t3kt-17bg

containers/image library Insufficiently Protects Credentials The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens.

CVE-2019-10214
GHSA-85p9-j7c9-v4gr

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:37:10.696623+00:00	Debian Importer	Fixing	VCID-at1e-t3kt-17bg	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T12:48:46.323022+00:00	Debian Importer	Affected by	VCID-52c5-4udv-jydb	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:24:13.701897+00:00	Debian Importer	Fixing	VCID-at1e-t3kt-17bg	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:25:41.743568+00:00	Debian Importer	Affected by	VCID-52c5-4udv-jydb	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:25:41.711013+00:00	Debian Importer	Fixing	VCID-at1e-t3kt-17bg	https://security-tracker.debian.org/tracker/data/json	38.1.0