VYPR
Moderate severityNVD Advisory· Published Oct 28, 2019· Updated Aug 5, 2024

CVE-2019-18466

CVE-2019-18466

Description

An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/containers/podman/v4Go
< 1.6.01.6.0

Affected products

14

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.