reports/GO-2021-0087.toml - vuln - Git at Google

 module = "github.com/opencontainers/runc"
 package = "github.com/opencontainers/runc/libcontainer"

 description = """
 A race while mounting volumes allows a possible symlink-exchange
 attack, allowing a user whom can start multiple containers with
 custom volume mount configurations to escape the container.

 """

 cve = "CVE-2019-19921"

 credit = "Leopold Schabel"

 symbols = ["mountToRootfs"]

 published = "2021-04-14T12:00:00Z"

 [[versions]]
 fixed = "v1.0.0-rc9.0.20200122160610-2fc03cc11c77"

 [links]
 commit = "https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0"
 pr = "https://github.com/opencontainers/runc/pull/2207"
 context = ["https://github.com/opencontainers/runc/issues/2197"]
	module = "github.com/opencontainers/runc"
	package = "github.com/opencontainers/runc/libcontainer"

	description = """
	A race while mounting volumes allows a possible symlink-exchange
	attack, allowing a user whom can start multiple containers with
	custom volume mount configurations to escape the container.

	"""

	cve = "CVE-2019-19921"

	credit = "Leopold Schabel"

	symbols = ["mountToRootfs"]

	published = "2021-04-14T12:00:00Z"

	[[versions]]
	fixed = "v1.0.0-rc9.0.20200122160610-2fc03cc11c77"

	[links]
	commit = "https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0"
	pr = "https://github.com/opencontainers/runc/pull/2207"
	context = ["https://github.com/opencontainers/runc/issues/2197"]