VYPR

Go modules package

github.com/lxc/lxd

pkg:golang/github.com/lxc/lxd

Vulnerabilities (2)

  • CVE-2025-54287Oct 2, 2025
    affected >= 4.0.0, < 5.21.4fixed 5.21.4

    Template Injection in instance snapshot creation component in Canonical LXD (>= 4.0) allows an attacker with instance configuration permissions to read arbitrary files on the host system via specially crafted snapshot pattern templates using the Pongo2 template engine.

  • CVE-2015-1340Apr 22, 2019
    affected < 0.0.0-20151004155856-19c6961cc101fixed 0.0.0-20151004155856-19c6961cc101

    LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice.