GO-2024-2491

Source
https://pkg.go.dev/vuln/GO-2024-2491
Import Source
https://vuln.go.dev/ID/GO-2024-2491.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2024-2491
Aliases
Published
2024-06-28T15:28:53Z
Modified
2024-07-01T21:50:42Z
Summary
Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc
Details

Container breakout through process.cwd trickery and leaked fds in github.com/opencontainers/runc

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2024-2491"
}
References
Credits
    • Rory McNamara from Snyk
    • @lifubang from acmcoder
    • Aleksa Sarai from SUSE

Affected packages

Go / github.com/opencontainers/runc

Package

Name
github.com/opencontainers/runc
View open source insights on deps.dev
Purl
pkg:golang/github.com/opencontainers/runc

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0-rc93
Fixed
1.1.12

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/opencontainers/runc/libcontainer/utils",
            "symbols": [
                "CloseExecFrom"
            ]
        },
        {
            "path": "github.com/opencontainers/runc/libcontainer/cgroups",
            "symbols": [
                "openFile",
                "prepareOpenat2"
            ]
        },
        {
            "path": "github.com/opencontainers/runc/libcontainer",
            "symbols": [
                "Container.start",
                "Init",
                "finalizeNamespace",
                "linuxSetnsInit.Init",
                "linuxStandardInit.Init"
            ]
        }
    ]
}