—
GO-2024-2919
malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o
Details
malicious container creates symlink "mtab" on the host External in github.com/cri-o/cri-o
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/cri-o/cri-o
Introduced in:
1.28.6 Fixed in: 1.28.7 Fix
go get github.com/cri-o/cri-o@v1.28.7 References
- https://github.com/cri-o/cri-o/security/advisories/GHSA-j9hf-98c3-wrm8 [ADVISORY]
- https://nvd.nist.gov/vuln/detail/CVE-2024-5154 [ADVISORY]
- https://access.redhat.com/errata/RHSA-2024:3676 [WEB]
- https://access.redhat.com/errata/RHSA-2024:3700 [WEB]
- https://access.redhat.com/errata/RHSA-2024:4008 [WEB]
- https://access.redhat.com/errata/RHSA-2024:4486 [WEB]
- https://access.redhat.com/security/cve/CVE-2024-5154 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=2280190 [WEB]