In case of a connection issue or a 200 response with wrong content-type/actual content during a docker pull, Artifactory might cache corrupted layers.
It seems that Artifactory does not validate the checksum of the layer against the manifest.
After an additional check, it seems that the manifest is protected and cannot be cached as corrupted but the layers themselves are vulnerable to that.
Steps to reproduce:
1. Pull a docker image from an Artifactory remote
2. Configure a proxy between Artifactory and the remote server
3. Either make the proxy return an invalid body for a blob endpoint or edit the Response content for one of the layers
4. You will see Artifactory caches the corrupted layer