CVE-2021-41190
Public on 2021-11-17
Modified on 2021-12-09
Description
The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Image Specification, the manifest and index documents were not self-describing and documents with a single digest could be interpreted as either a manifest or an index. In the OCI Image Specification version 1.0.1 there is specified a recommendation that both manifest and index documents contain a `mediaType` field to identify the type of document.
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | containerd | 2021-11-17 | ALAS-2021-1551 | Fixed |
| HAQM Linux 2 - Docker Extra | containerd | 2021-11-17 | ALAS2DOCKER-2021-014 | Fixed |
| HAQM Linux 2 - Ecs Extra | containerd | 2023-11-09 | ALAS2ECS-2023-026 | Fixed |
| HAQM Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2021-11-17 | ALAS2NITRO-ENCLAVES-2021-014 | Fixed |
| HAQM Linux 1 | docker | 2021-11-17 | ALAS-2021-1551 | Fixed |
| HAQM Linux 2 - Docker Extra | docker | 2021-11-17 | ALAS2DOCKER-2021-014 | Fixed |
| HAQM Linux 2 - Ecs Extra | docker | 2023-11-09 | ALAS2ECS-2023-025 | Fixed |
| HAQM Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2021-11-17 | ALAS2NITRO-ENCLAVES-2021-014 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N |
| HAQM Linux | CVSSv2 | 4.0 | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| NVD | CVSSv2 | 4.0 | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| NVD | CVSSv3 | 5.0 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N |