bitnami-mongodb-7.0.21-2_linux_amd64

digest	sha256:c347474e6488832564a6ce3d1870056f52aa4e7123bb85ce391a60c0b4ecdf18
vulnerabilities
platform	linux/amd64
size	237 MB
packages	674

tar-fs 2.1.3 (npm) pkg:npm/tar-fs@2.1.3 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Affected range >=2.0.0 <2.1.4 Fixed version 2.1.4 CVSS Score 8.7 CVSS Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N EPSS Score 0.066% EPSS Percentile 21st percentile Description Impact v3.1.0, v2.1.3, v1.16.5 and below Patches Has been patched in 3.1.1, 2.1.4, and 1.16.6 Workarounds You can use the ignore option to ignore non files/directories. ignore (_, header) { // pass files & directories, ignore e.g. symlinks return header.type !== 'file' && header.type !== 'directory' } Credit Reported by: Mapta / BugBunny_ai

stdlib 1.24.4 (golang) pkg:golang/stdlib@1.24.4 Affected range >=1.24.0 <1.24.6 Fixed version 1.24.6 EPSS Score 0.022% EPSS Percentile 4th percentile Description If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.