A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
Credits
Red Hat would like to thank Antony Di Scala and Michael Whale for reporting this issue.
