Описание
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.
Ссылки
- Patch
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.5.7 (исключая)
cpe:2.3:a:youki-dev:youki:*:*:*:*:*:rust:*:*
EPSS
Процентиль: 15%
0.0005
Низкий
10 Critical
CVSS3
Дефекты
CWE-61
Связанные уязвимости
CVSS3: 10
github
3 месяца назад
youki container escape via "masked path" abuse due to mount race conditions
EPSS
Процентиль: 15%
0.0005
Низкий
10 Critical
CVSS3
Дефекты
CWE-61