Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, allows context-dependent attackers to bypass a seccomp-based sandbox protection mechanism via the --allow-debuggers argument.
{ "binaries": [ { "binary_name": "firejail", "binary_version": "0.9.38.10-0ubuntu0.16.04.1" } ] }