High severity · OSV Advisory · Published Jun 12, 2024 · Updated Feb 25, 2026

Cri-o: malicious container can create symlink on host

CVE-2024-5154

Description

A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal ("../"). This flaw allows the container to read and write to arbitrary files on the host system.


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/cri-o/cri-o (Go) | >= 1.28.6, < 1.28.7 | 1.28.7 |
| github.com/cri-o/cri-o (Go) | >= 1.29.4, < 1.29.5 | 1.29.5 |
| github.com/cri-o/cri-o (Go) | >= 1.30.0, < 1.30.1 | 1.30.1 |
