CVE-2021-30465: Path Traversal

May 27, 2021 (updated November 9, 2023)

runc allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.

References

github.com/opencontainers/runc/security/advisories/GHSA-c3xm-pvg7-gh7r
nvd.nist.gov/vuln/detail/CVE-2021-30465

Code Behaviors & Features

Detect and mitigate CVE-2021-30465 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →