VYPR
High severity7.2GHSA Advisory· Published Apr 26, 2024· Updated Apr 15, 2026

CVE-2024-3154

CVE-2024-3154

Description

A flaw was found in cri-o, where an arbitrary systemd property can be injected via a Pod annotation. Any user who can create a pod with an arbitrary annotation may perform an arbitrary action on the host system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/cri-o/cri-oGo
>= 1.29.0, < 1.29.41.29.4
github.com/cri-o/cri-oGo
>= 1.28.0, < 1.28.61.28.6
github.com/cri-o/cri-oGo
< 1.27.61.27.6

Affected products

104

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.