CVE-2024-9341

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-9341
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-9341.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-9341
Aliases
Downstream
Related
Published
2024-10-01T19:15:09Z
Modified
2025-08-09T20:01:26Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N CVSS Calculator
Summary
[none]
Details

A flaw was found in Go. When FIPS mode is enabled on a system, container runtimes may incorrectly handle certain file paths due to improper validation in the containers/common Go library. This flaw allows an attacker to exploit symbolic links and trick the system into mounting sensitive host directories inside a container. This issue also allows attackers to access critical host files, bypassing the intended isolation between containers and the host system.

References

Affected packages