An attacker with partial control over the bind mount sources of a new container can bypass namespace restrictions.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2022-0274" }
{ "imports": [ { "path": "github.com/opencontainers/runc/libcontainer", "symbols": [ "Bytemsg.Serialize", "LinuxFactory.StartInitialization", "linuxContainer.Run", "linuxContainer.Start", "linuxStandardInit.Init" ] } ] }