An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.
{ "nvd_published_at": "2019-10-28T13:15:00Z", "cwe_ids": [ "CWE-59" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-07-18T20:43:20Z" }