Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
youki container escape via "masked path" abuse due to mount race conditions
Vulnerability Description
Youki is a container runtime written in Rust. In versions 0.5.6 and below, the initial validation of the source /dev/null is insufficient, allowing container escape when youki utilizes bind mounting the container's /dev/null as a file mask. This issue is fixed in version 0.5.7.
CVSS Information
N/A
Vulnerability Type
允许符号链接跟随的竞争条件
Vulnerability Title
youki 安全漏洞
Vulnerability Description
youki是youki开源的一个 Rust 中 OCI 运行时规范的实现。 youki 0.5.6及之前版本存在安全漏洞,该漏洞源于对源/dev/null的初始验证不足,可能导致容器逃逸。
CVSS Information
N/A
Vulnerability Type
N/A