Run uname -rs in your terminal. If your version is within the 5.7 to 5.12.3 range and has not been patched, you may be at risk.

Remediation:
To help narrow down security controls for your development environment, could you share whether your registry is or if you are running it on a local Docker container network? Knowing if you use automated vulnerability scanners like Dependency-Check would also help tailor a mitigation plan.
[Attacker]
    │
    ▼ (Forged HTTP POST Request to push package)
┌──────────────────────────────────────────────┐
│ Vulnerable BaGet API Endpoints               │
│ - /v3/index.json / Allow Anonymous Pushes    │
└──────────────────────┬───────────────────────┘
                       │
                       ▼ (Bypasses weak verification)
┌──────────────────────────────────────────────┐
│ Arbitrary File / Package Storage (RCE)       │
└──────────────────────────────────────────────┘

Technical Mechanics of the Attack: