2 matches found
GLSA-202107-50 : Singularity: Remote code execution
The remote host is affected by the vulnerability described in GLSA-202107-50 Singularity: Remote code execution Singularity always uses the default remote endpoint, cloud.syslabs.io, for action commands using the library:// URI rather than the configured remote endpoint. Impact : An attacker that...
MGASA-2022-0006 Updated singularity packages fix security vulnerability
A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name "." or "/", when running as root. CVE-2021-29136 Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifyin...