Analysis
Analysis and contextual insights are available on OpenCVE Cloud.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| regclient | regclient | affected |
|
No data.
No data.
No data available yet.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2024-2641 | regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1. |
 Github GHSA |
GHSA-qv35-3gw6-8q4j | In regclient, pinned manifest digests may be ignored |
Thu, 13 Feb 2025 00:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
Wed, 29 Jan 2025 18:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 29 Jan 2025 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1. | |
| Title | regclient may ignore pinned manifest digests | |
| Weaknesses | CWE-20 CWE-345 |
|
| References |
| |
| Metrics |
cvssV3_1
|
Subscriptions
No data.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2025-01-29T17:52:45.827Z
Reserved: 2025-01-27T15:32:29.449Z
Link: CVE-2025-24882
Vulnrichment
Updated: 2025-01-29T17:47:29.251Z
NVD
Status : Deferred
Published: 2025-01-29T18:15:47.570
Modified: 2026-04-15T00:35:42.020
Link: CVE-2025-24882
Redhat
OpenCVE Enrichment
No data.