VulnerableCode Package Details - pkg:deb/ubuntu/runc@1.0.0~rc10-0ubuntu1

Search for packages

Package details: pkg:deb/ubuntu/runc@1.0.0~rc10-0ubuntu1

Essentials
History (0)

purl	pkg:deb/ubuntu/runc@1.0.0~rc10-0ubuntu1

Next non-vulnerable version	1.0.0~rc93-0ubuntu1~20.04.2
Latest non-vulnerable version	1.0.0~rc93-0ubuntu1~20.04.2
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-6myd-yj9t-aaae Aliases: CVE-2021-30465 GHSA-c3xm-pvg7-gh7r	runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.	1.0.0~rc93-0ubuntu1~20.04.2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-5wce-1ywg-aaam	runc through 1.0.0-rc9 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. (This vulnerability does not affect Docker due to an implementation detail that happens to block the attack.)	CVE-2019-19921 GHSA-fh74-hm69-rqjw

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version