2 matches found
containerd allows host filesystem access on pull
Impact A time-of-check to time-of-use TOCTOU vulnerability was found in containerd v2.1.0. While unpacking an image during an image pull, specially crafted container images could arbitrarily modify the host file system. Patches This bug has been fixed in the following containerd versions: 2.1.1 T...
Medium: containerd
Issue Overview: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing...