CVSS Score: -

Basic Information

CVE ID: -
GHSA ID: -
EPSS Score: -
CWE: -
Published: -
Updated: -
KEV Status: -
Technology: -
The advisory was initially filed against runc's handling of config annotations but was later withdrawn: the root cause was identified as CRI-O's failure to filter dangerous annotations before passing them on to runc. The runc commit 3db0871 adds a 'potentiallyUnsafeConfigAnnotations' list in features.go so that consumers of runc can recognise annotations that must not be set from untrusted input; this is a hardening measure for downstream engines, not a fix for a flaw in runc itself. The command injection occurs in the CRI-O layer when pod annotations are processed, not in any runc function, and no function in runc's codebase was identified as directly vulnerable with high confidence, which is consistent with the advisory's withdrawal as misattributed. The version range in the table below therefore marks the release in which the advisory list became available, not a patched vulnerability in runc.
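The consumer-side check the paragraph describes, as an added example that is not code from runc, CRI-O or this page: read the list that 'runc features' advertises and drop matching keys from untrusted pod annotations before the OCI config reaches the runtime. It assumes the JSON layout of the OCI runtime-spec features document, where an entry ending in "." is a key prefix and any other entry matches exactly; the features output and the pod annotations are constructed for the example, and the type and function names are the example's own.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
	"strings"
)

// runcFeatures holds only the slice of `runc features` output that a
// consumer needs for annotation filtering. The JSON field names follow the
// OCI runtime-spec features document; the struct is defined here for the
// example rather than imported from runc.
type runcFeatures struct {
	Annotations *struct {
		PotentiallyUnsafeConfigAnnotations []string `json:"potentiallyUnsafeConfigAnnotations"`
	} `json:"annotations"`
}

// sampleFeaturesJSON is a constructed stand-in for `runc features` output;
// the entries are illustrative, not captured from a real runtime.
const sampleFeaturesJSON = `{
  "ociVersionMin": "1.0.0",
  "ociVersionMax": "1.2.0",
  "annotations": {
    "potentiallyUnsafeConfigAnnotations": [
      "bundle",
      "org.systemd.property.",
      "org.criu.config"
    ]
  }
}`

// unsafeAnnotationList extracts the advertised list. A runtime that predates
// the field, or omits it, yields an empty list, so a caller must not read
// "nothing advertised" as "nothing dangerous".
func unsafeAnnotationList(featuresJSON []byte) ([]string, error) {
	var f runcFeatures
	if err := json.Unmarshal(featuresJSON, &f); err != nil {
		return nil, fmt.Errorf("parse runc features: %w", err)
	}
	if f.Annotations == nil {
		return nil, nil
	}
	return f.Annotations.PotentiallyUnsafeConfigAnnotations, nil
}

// isPotentiallyUnsafe applies the runtime-spec matching rule: an entry that
// ends with "." is a prefix; any other entry must equal the key exactly.
func isPotentiallyUnsafe(key string, list []string) bool {
	for _, entry := range list {
		if strings.HasSuffix(entry, ".") {
			if strings.HasPrefix(key, entry) {
				return true
			}
		} else if key == entry {
			return true
		}
	}
	return false
}

// filterAnnotations is the check the page places in the engine layer: keys
// supplied by the pod that the runtime flags as potentially unsafe are
// removed before the config is built, and the dropped keys are returned
// sorted so the caller can log them or reject the request outright.
func filterAnnotations(untrusted map[string]string, list []string) (map[string]string, []string) {
	kept := make(map[string]string, len(untrusted))
	var dropped []string
	for k, v := range untrusted {
		if isPotentiallyUnsafe(k, list) {
			dropped = append(dropped, k)
			continue
		}
		kept[k] = v
	}
	sort.Strings(dropped)
	return kept, dropped
}

func main() {
	list, err := unsafeAnnotationList([]byte(sampleFeaturesJSON))
	if err != nil {
		panic(err)
	}
	// Constructed pod annotations: a benign key, an exact-match key, a key
	// under the systemd-property prefix, and a near miss that shares only
	// part of the prefix and must therefore survive the filter.
	pod := map[string]string{
		"io.kubernetes.pod.name":            "web",
		"bundle":                            "/tmp/attacker-controlled",
		"org.systemd.property.ExecStartPre": "attacker-controlled",
		"org.systemd.properties":            "near-miss",
	}
	kept, dropped := filterAnnotations(pod, list)
	fmt.Println("dropped:", dropped)
	fmt.Println("kept:", kept)
}
```

Rejecting the request when anything is dropped is the safer policy for a hosted platform; silently stripping is only appropriate where the annotation source is trusted enough that a dropped key is a misconfiguration rather than an attack.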
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| github.com/opencontainers/runc | go | < 1.2.0-rc.1 | 1.2.0-rc.1 |