Launch Week Day 1: Announcing Security Design Review

Koji blacklisted paths workaround

GHSA-vwp5-w4rq-g4cc · CVE-2017-1002153

Published May 13, 2022 · Modified Jun 10, 2026

Description

Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes