-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GHSA-c5pj-mqfh-rvc3 "Runc allows an arbitrary systemd property to be injected" is a misunderstood vulnerability. Users do NOT need to update runc. #4263
Comments
AkihiroSuda
changed the title
GHSA-c5pj-mqfh-rvc3 "Runc allows an arbitrary systemd property to be injected" is a fake vulnerability. Users do NOT need to update runc.
GHSA-c5pj-mqfh-rvc3 "Runc allows an arbitrary systemd property to be injected" is a misunderstood vulnerability. Users do NOT need to update runc.
Apr 29, 2024
hm did I file the gh advisory wrong? happy to edit anything that I messed up |
GHSA-c5pj-mqfh-rvc3 seems published by NVD, not by you? |
The advisory GHSA-c5pj-mqfh-rvc3 is now withdrawn |
This was referenced May 28, 2024
This was referenced Jun 5, 2024
This was referenced Jun 12, 2024
This was referenced Sep 25, 2024
This was referenced Oct 4, 2024
This was referenced Oct 14, 2024
This was referenced Oct 22, 2024
This was referenced Oct 31, 2024
This was referenced Nov 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
GHSA-c5pj-mqfh-rvc3
("GitHub Reviewed" 🤔) is mislabeled as a vuln of runc < v1.2.0-rc.1.
"This issue has its root in how runc handles Config Annotations lists" is disinformation; the issue has its actual root in how CRI-O handles user input. cri-o/cri-o@976ab1f
Users do NOT need to update runc.
The text was updated successfully, but these errors were encountered: