Go modules package
github.com/lxc/lxd
pkg:golang/github.com/lxc/lxd
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54287 | — | >= 4.0.0, < 5.21.4 | 5.21.4 | Oct 2, 2025 | Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine. | ||
| CVE-2015-1340 | — | < 0.0.0-20151004155856-19c6961cc101 | 0.0.0-20151004155856-19c6961cc101 | Apr 22, 2019 | LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. |
- CVE-2025-54287Oct 2, 2025affected >= 4.0.0, < 5.21.4fixed 5.21.4
Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.
- CVE-2015-1340Apr 22, 2019affected < 0.0.0-20151004155856-19c6961cc101fixed 0.0.0-20151004155856-19c6961cc101
LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.