11 matches found
CVE-2025-62596
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...
CVE-2025-62596
Youki is a container runtime written in Rust. In versions 0.5.6 and below, youki’s apparmor handling performs insufficiently strict write-target validation, and when combined with path substitution during pathname resolution, can allow writes to unintended procfs locations. While resolving a path...
CVE-2025-62161
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...
youki security vulnerability
youki is an open source implementation of the OCI runtime specification in Rust. A security vulnerability exists in youki 0.5.6 and earlier versions, which stems from insufficient initial validation of source /dev/null and could lead to container escape...
youki security vulnerability
youki is an open source implementation of the OCI runtime specification in Rust. A security vulnerability exists in youki version 0.5.6 and earlier, which stems from insufficient validation of the write target by the apparmor handler, which in combination with path substitution during pathna...
CVE-2025-62161 youki container escape via "masked path" abuse due to mount race conditions
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7...
GHSA-4G74-7CFF-XCV8 youki container escape via "masked path" abuse due to mount race conditions
Impact: youki utilizes bind mounting the container's /dev/null as a file mask. When performing this operation, the initial validation of the source /dev/null was insufficient. Specifically, we initially failed to verify whether /dev/null was genuinely present. However, we did perform validation to...
CVE-2025-54867 Youki Symlink Following Vulnerability
Youki is a container runtime written in Rust. Prior to version 0.5.5, if /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. This issue has been patched in version 0.5.5...
youki security vulnerability
youki is an open source implementation of the OCI runtime specification in Rust. A security vulnerability exists in versions of youki prior to 0.5.5, which stems from mishandling of symbolic links and could lead to access to the host root filesystem...
youki security vulnerability
youki is an open source implementation of the OCI runtime specification in Rust. A security vulnerability exists in versions of youki prior to 0.5.3 that stems from a tenant builder accepting a list of features to be added to the tenant container specification during the creation of a tenant...
Container Breakout (Leaky Vessels)
Overview: youki is a container runtime written in Rust. Affected versions of this package are vulnerable to Container Breakout (Leaky Vessels). Due to certain leaked file descriptors, an attacker could cause a newly-spawned container process from runc exec to have a working directory in the host...