github.com/bottlerocket-os/hotdog is vulnerable to privilege escalation. The vulnerability exists in the main function in main.go due to an incomplete fix for CVE-2021-3101: the target JVM processor doesn’t limit the resources and filters, which allows an attacker to gain access to the host and perform unauthorized actions.
github.com/bottlerocket-os/hotdog/commit/1b1bcc334ff0ed06e5ac3c5fb7d2e7c8a764f8d1
github.com/bottlerocket-os/hotdog/commit/84a8080e1a8754d605bad861fc528d61d7792ff9
github.com/bottlerocket-os/hotdog/pull/9
github.com/bottlerocket-os/hotdog/security/advisories/GHSA-jr96-7frv-3mpj
unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities