CVE-2024-39897: Cache driver GetBlob() allows read access to any blob without access control check

July 9, 2024

Cache driver GetBlob() allows read access to any blob without access control check

References

github.com/advisories/GHSA-55r9-5mx9-qq7r
github.com/project-zot/zot
github.com/project-zot/zot/commit/aaee0220e46bdadd12115ac67c19f9d3153eb1df
github.com/project-zot/zot/security/advisories/GHSA-55r9-5mx9-qq7r
nvd.nist.gov/vuln/detail/CVE-2024-39897

Code Behaviors & Features

Detect and mitigate CVE-2024-39897 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →