Link Following in github.com/containers/common
Moderate severity
GitHub Reviewed
Published
Oct 1, 2024
to the GitHub Advisory Database
•
Updated Nov 26, 2024
Description
Published by the National Vulnerability Database
Oct 1, 2024
Published to the GitHub Advisory Database
Oct 1, 2024
Reviewed
Oct 1, 2024
Last updated
Nov 26, 2024
A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.
References