CVE-2020-14040 (High) detected in github.com/docker/distribution-35f1369d377054088c4c2e9079ddbb6c1375105d

## CVE-2020-14040 - High Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Library - github.com/docker/distribution-35f1369d377054088c4c2e9079ddbb6c1375105d</summary>

The toolkit to pack, ship, store, and deliver container content


Dependency Hierarchy:
 - helm.sh/helm/v3/pkg/action-v3.5.2 (Root Library)
 - helm.sh/helm/v3/internal/experimental/registry-v3.5.2
 - github.com/deislabs/oras/pkg/auth-v0.9.0
 - github.com/docker/docker/registry-v20.10.3
 - github.com/docker/distribution/registry/client/auth-35f1369d377054088c4c2e9079ddbb6c1375105d
 - github.com/docker/distribution/registry/client-35f1369d377054088c4c2e9079ddbb6c1375105d
 - github.com/docker/distribution/registry/storage/cache/memory-35f1369d377054088c4c2e9079ddbb6c1375105d
 - :x: **github.com/docker/distribution-35f1369d377054088c4c2e9079ddbb6c1375105d** (Vulnerable Library)
Found in HEAD commit: <a href="https://github.com/criticalstack/ui/commit/3f81d12ed6fb2bfa97132e2cfe0df6d996e1465a">3f81d12ed6fb2bfa97132e2cfe0df6d996e1465a</a>
Found in base branch: main

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/high_vul.png' width=19 height=20> Vulnerability Details</summary>
 
 
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.

Publish Date: 2020-06-17
URL: <a href=https://vuln.whitesourcesoftware.com/vulnerability/CVE-2020-14040>CVE-2020-14040</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (7.5)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: None
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: None
 - Integrity Impact: None
 - Availability Impact: High

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="https://osv.dev/vulnerability/GO-2020-0015">https://osv.dev/vulnerability/GO-2020-0015</a>
Release Date: 2020-06-17
Fix Resolution: v0.3.3


</details>


***
Step up your Open Source Security Game with WhiteSource [here](https://www.whitesourcesoftware.com/full_solution_bolt_github)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2020-14040 (High) detected in github.com/docker/distribution-35f1369d377054088c4c2e9079ddbb6c1375105d #20

CVE-2020-14040 - High Severity Vulnerability

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2020-14040 (High) detected in github.com/docker/distribution-35f1369d377054088c4c2e9079ddbb6c1375105d #20

Description

CVE-2020-14040 - High Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions