VYPR

Go modules package

github.com/kata-containers/runtime

pkg:golang/github.com/kata-containers/runtime

Vulnerabilities (2)

  • CVE-2020-2023Jun 10, 2020
    affected < 1.9.1fixed 1.9.1

    Kata Containers doesn't restrict containers from accessing the guest's root filesystem device. Malicious containers can exploit this to gain code execution on the guest and masquerade as the kata-agent. This issue affects Kata Containers 1.11 versions earlier than 1.11.1; Kata Co

  • CVE-2020-2026Jun 10, 2020
    affected < 1.9.1fixed 1.9.1

    A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This