x/vulndb: potential Go vuln in github.com/appc/docker2aci: CVE-2016-7569

[tatianab]

CVE-2016-7569 references github.com/appc/docker2aci, which may be a Go module.

Description:
Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a .. (dot dot) in the embedded layer data in an image.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2016-7569
• report: Path traversals present in image converting appc/docker2aci#201
• web: https://github.com/appc/docker2aci/releases/tag/v0.13.0
• web: http://www.openwall.com/lists/oss-security/2016/09/28/2
• web: http://www.openwall.com/lists/oss-security/2016/09/28/4
• web: http://www.securityfocus.com/bid/93194
• Imported by: https://pkg.go.dev/github.com/appc/docker2aci?tab=importedby

Cross references:

• Module github.com/appc/docker2aci appears in issue x/vulndb: potential Go vuln in github.com/appc/docker2aci: GHSA-gfh2-7jg5-653p #833 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/appc/docker2aci
      vulnerable_at: 0.17.2
      packages:
        - package: n/a
cves:
    - CVE-2016-7569
references:
    - report: https://github.com/appc/docker2aci/issues/201
    - web: https://github.com/appc/docker2aci/releases/tag/v0.13.0
    - web: http://www.openwall.com/lists/oss-security/2016/09/28/2
    - web: http://www.openwall.com/lists/oss-security/2016/09/28/4
    - web: http://www.securityfocus.com/bid/93194

[gopherbot]

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports