2 matches found
GitHub: CVE-2024-21626 Container breakout through process.cwd trickery and leaked fds
...
GHSA-XR7R-F8XQ-VFVV runc vulnerable to container breakout through process.cwd trickery and leaked fds
Impact In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem "attack 2". Th...