In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file in github.com/lima-vm/lima
{ "review_status": "UNREVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-1803" }