GHSA-C3XM-PVG7-GH7R: mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
Summary
runc 1.0.0-rc94 and earlier are vulnerable to a symlink exchange attack whereby an attacker can request a seemingly innocuous container configuration that actually results in the host filesystem being bind-mounted into the container, allowing for a container escape. CVE-2021-30465 has been...
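An added illustration, not part of the advisory and not runc's code: one general defence against this class of path race is to open the destination once, ask the kernel where that descriptor actually points, and refuse anything outside the rootfs. It assumes Linux with /proc mounted; OpenInRoot, the directory names and the sample layout are hypothetical and constructed for the example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// OpenInRoot (hypothetical name) opens dest under rootfs and checks, from the
// opened descriptor itself, that the object lies inside rootfs. Callers must
// keep using the returned handle, never the path, so a later swap cannot redirect them.
func OpenInRoot(rootfs, dest string) (*os.File, error) {
	root, err := filepath.EvalSymlinks(rootfs)
	if err != nil {
		return nil, err
	}
	f, err := os.Open(filepath.Join(root, dest))
	if err != nil {
		return nil, err
	}
	// Ask the kernel where the descriptor really points (Linux procfs).
	actual, err := os.Readlink(fmt.Sprintf("/proc/self/fd/%d", f.Fd()))
	if err != nil {
		f.Close()
		return nil, err
	}
	if actual != root && !strings.HasPrefix(actual, root+string(os.PathSeparator)) {
		f.Close()
		return nil, fmt.Errorf("destination %q resolves to %q, outside rootfs %q", dest, actual, root)
	}
	return f, nil
}

func main() {
	// Constructed layout: rootfs/data is a directory, rootfs/swapped is a symlink leaving the rootfs.
	base, _ := os.MkdirTemp("", "rootfs-demo")
	defer os.RemoveAll(base)
	rootfs, outside := filepath.Join(base, "rootfs"), filepath.Join(base, "host")
	os.MkdirAll(filepath.Join(rootfs, "data"), 0o755)
	os.MkdirAll(outside, 0o755)
	os.Symlink(outside, filepath.Join(rootfs, "swapped"))
	for _, d := range []string{"data", "swapped"} {
		f, err := OpenInRoot(rootfs, d)
		fmt.Printf("%-8s allowed=%v err=%v\n", d, err == nil, err)
		f.Close() // harmless on a nil *os.File: it only returns an error
	}
}
```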