2025-06-18 08:28:02
PUBLISHED
Arbitrary file write as the OSV-SCALIBR user on the host system via a path traversal vulnerability when using OSV-SCALIBRs unpack() function for container images. Particularly, when using the CLI flag --remote-image on untrusted container images.