{"data":{"id":"d7f4365e-b4d9-44fa-8ccd-474c51fff700","title":"GHSA-xf85-363p-868w: oras-go: Malicious registry can hijack Bearer token realm to exfiltrate credentials and refresh tokens","summary":"oras-go (a tool for working with container registries) didn't validate where it sent credential requests when a registry gave it a new URL in its response. This allowed a malicious registry to trick the tool into either sending credentials over unencrypted connections (defeating HTTPS security) or probing internal network endpoints like cloud metadata services (SSRF, or server-side request forgery, where a program makes requests to places the user didn't intend).","solution":"The patch in `registry/remote/auth/client.go` now rejects realm URLs that use schemes other than http or https, use http when the registry was contacted over https (TLS downgrade), or use IP addresses in loopback, link-local, private, or unspecified ranges unless the registry itself was reached at that same hostname. Cross-host realms on public DNS names continue to be accepted.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-xf85-363p-868w","publishedAt":"2026-07-01T21:06:10.000Z","cveId":"CVE-2026-48978","cweIds":null,"cvssScore":null,"cvssSeverity":"low","severity":"low","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["oras.land/oras-go@<= 1.2.7","oras.land/oras-go/v2@< 2.6.1 (fixed: 2.6.1)"],"affectedVendors":["HuggingFace"],"affectedVendorsRaw":["oras-go","OCI/distribution spec","Docker Hub"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-07-01T21:06:10.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":["AML.T0010"]}}