GHSA-CVXM-645Q-P574 containerd: CRI checkpoint import allows local image tag poisoning

Impact containerd's CRI checkpoint import process contains a vulnerability where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods can use a crafted checkpoint image to force containerd to pull a malicious...