Search for packages
| purl | pkg:rpm/redhat/buildah@1.11.6-11?arch=el7_8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2h42-q2a4-xba5
Aliases: CVE-2020-1702 |
containers/image: Container images read entire image manifest into memory | There are no reported fixed by versions. |
|
VCID-m52k-wfyn-mubf
Aliases: CVE-2020-10696 GHSA-fx8w-mjvm-hvpc |
Path Traversal in Buildah A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has permissions. ### Specific Go Packages Affected github.com/containers/buildah/imagebuildah | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:14:02.900513+00:00 | RedHat Importer | Affected by | VCID-2h42-q2a4-xba5 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1702.json | 38.0.0 |
| 2026-04-01T14:09:28.625263+00:00 | RedHat Importer | Affected by | VCID-m52k-wfyn-mubf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10696.json | 38.0.0 |