GHSA-c5pj-mqfh-rvc3 "Runc allows an arbitrary systemd property to be injected" is a misunderstood vulnerability. Users do NOT need to update runc. #4263
Comments
AkihiroSuda
changed the title
|
hm did I file the gh advisory wrong? happy to edit anything that I messed up |
GHSA-c5pj-mqfh-rvc3 seems published by NVD, not by you? |
|
The advisory GHSA-c5pj-mqfh-rvc3 is now withdrawn |
This was referenced May 28, 2024
This was referenced Jun 5, 2024
This was referenced Jun 12, 2024
This was referenced Sep 24, 2024
This was referenced Oct 2, 2024
This was referenced Oct 9, 2024
This was referenced Oct 18, 2024
This was referenced Oct 31, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
GHSA-c5pj-mqfh-rvc3
("GitHub Reviewed" 🤔) is mislabeled as a vuln of runc < v1.2.0-rc.1.
"This issue has its root in how runc handles Config Annotations lists" is disinformation; the issue has its actual root in how CRI-O handles user input. cri-o/cri-o@976ab1f
Users do NOT need to update runc.
The text was updated successfully, but these errors were encountered: