CVE-2024-0406

CVE Details

Visit the official vulnerability details page for CVE-2024-0406 to learn more.

Initial Publication

10/25/2024

Last Update

08/25/2025

Third Party Dependency

github.com/mholt/archiver/v3

NIST CVE Summary

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

CVE Severity

7.8

Our Official Summary

This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library. There are controls in place to prevent direct access to the SQLite database in the container, so the probability of exploitation is low. Even if exploited, the attack surface is limited to the container, which makes the risk lower. There are currently no known workarounds. We will upgrade to the latest versions with the fix when that becomes available.
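Added example, not from this advisory or from the archiver project: the advisory does not spell out the mechanism, so this Go sketch covers the general class it describes, a header-only audit that flags tar entries whose names or link targets would land outside the extraction directory. The names `escapes` and `AuditTar` are hypothetical, paths are assumed to be slash-separated, and the check is deliberately conservative in that it also rejects any path that crosses a symlink declared earlier in the archive.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io"
	"os"
	"path"
	"strings"
)

// escapes walks dir+"/"+p from the extraction root, reporting paths that are
// absolute, climb above the root, or cross a symlink declared earlier.
func escapes(dir, p string, links map[string]bool) bool {
	cur := "."
	for _, c := range strings.Split(dir+"/"+p, "/") {
		if c == ".." && cur == "." || links[path.Join(cur, c)] {
			return true
		}
		cur = path.Join(cur, c)
	}
	return strings.HasPrefix(p, "/")
}

// AuditTar reads headers only and returns the names of entries to reject.
func AuditTar(r io.Reader) ([]string, error) {
	var bad []string
	links := map[string]bool{}
	tr := tar.NewReader(r)
	for h, err := tr.Next(); err != io.EOF; h, err = tr.Next() {
		if err != nil && err != tar.ErrInsecurePath { // header is still returned
			return bad, err
		}
		risky := escapes("", h.Name, links)
		if h.Typeflag == tar.TypeLink { // hard-link target is relative to the root
			risky = risky || escapes("", h.Linkname, links)
		} else if h.Typeflag == tar.TypeSymlink { // target resolves from the link's directory
			risky = risky || escapes(path.Dir(h.Name), h.Linkname, links)
			links[path.Clean(h.Name)] = true
		}
		if risky {
			bad = append(bad, h.Name)
		}
	}
	return bad, nil
}

func main() { // usage: go run audit.go < archive.tar
	fmt.Println(AuditTar(os.Stdin))
}
```

Because it reads headers only and writes nothing to disk, it can be run over an untrusted archive before any extraction code touches it.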

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
| --- | --- | --- | --- | --- |
| 4.7.16 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.6.41 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.5.22 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |
| 4.4.20 | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted | ⚠️ Impacted |

Revision History

| Date | Revision |
| --- | --- |
| 04/26/2025 | Advisory assigned with HIGH severity |