{"id":"GO-2022-0914","summary":"Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc","details":"Mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs in github.com/opencontainers/runc","aliases":["CVE-2021-30465","GHSA-c3xm-pvg7-gh7r"],"modified":"2026-03-17T04:29:01.822017Z","published":"2024-08-21T15:29:08Z","related":["CGA-qqf4-pjrx-g369"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0914","review_status":"REVIEWED"},"references":[{"type":"ADVISORY","url":"https://github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r"},{"type":"FIX","url":"https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2021/05/19/2"},{"type":"WEB","url":"https://bugzilla.opensuse.org/show_bug.cgi?id=1185405"},{"type":"WEB","url":"https://github.com/opencontainers/runc/releases"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/35ZW6NBZSBH5PWIT7JU4HXOXGFVDCOHH"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HOARVIT47RULTTFWAU7XBG4WY6TDDHV"},{"type":"WEB","url":"https://security.gentoo.org/glsa/202107-26"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20210708-0003"}],"affected":[{"package":{"name":"github.com/opencontainers/runc","ecosystem":"Go","purl":"pkg:golang/github.com/opencontainers/runc"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.0.0-rc95"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0914.json"}}],"schema_version":"1.7.5"}