Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: 4.14.z, 4.15.z, 4.17.z, 4.16.z, 4.18.0
Component/s: HyperShift
Labels:
- no-qe
- snyk
- triaged

Regression:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Target Version:

4.18.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Error from snyk code test command:

 ✗ [Medium] Path Traversal
   Path: hack/tools/deployment/deployment-update.go, line 118
   Info: Unsanitized input from a CLI argument flows into os.ReadFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files.

 ✗ [Medium] Path Traversal
   Path: hack/tools/deployment/deployment-update.go, line 137
   Info: Unsanitized input from a CLI argument flows into os.WriteFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write arbitrary files.

clones

OCPBUGS-41935 Unsanitized input into IgnitionServer from HTTP header

Closed

is cloned by

OCPBUGS-41983 [SNYK] Unsanitized input from a CLI argument flows into os.WriteFile

Closed

Assignee:: Juan Manuel Parrilla Madrid

Reporter:: Juan Manuel Parrilla Madrid

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/09/16 9:13 AM

Updated:: 2024/09/17 1:15 PM