What the vulnerability does

01Description

A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.

Key dates

02Disclosure timeline

March 3, 2022 CVE published
August 3, 2024 Record updated