{"id":"CVE-2022-0071","summary":"Hotdog Container Escape","details":"Incomplete fix for CVE-2021-3101. Hotdog, prior to v1.0.2, did not mimic the resource limits, device restrictions, or syscall filters of the target JVM process. This would allow a container to exhaust the resources of the host, modify devices, or make syscalls that would otherwise be blocked.","aliases":["GHSA-jr96-7frv-3mpj"],"modified":"2026-07-08T06:28:53.914483273Z","published":"2022-04-19T22:15:25.022Z","database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0071.json","cna_assigner":"palo_alto","cwe_ids":["CWE-250"]},"references":[{"type":"WEB","url":"https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/0xxx/CVE-2022-0071.json"},{"type":"ADVISORY","url":"https://github.com/bottlerocket-os/hotdog/security/advisories/GHSA-jr96-7frv-3mpj"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0071"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bottlerocket-os/hotdog","events":[{"introduced":"0"},{"fixed":"6a20cf8d2f9502cf45335e0753282f52e23ae92c"}],"database_specific":{"source":["AFFECTED_FIELD","CPE_RANGE"],"extracted_events":[{"introduced":"0"},{"fixed":"1.0.2"}],"cpe":"cpe:2.3:a:hotdog_project:hotdog:*:*:*:*:*:java:*:*"}}],"versions":["v1.0.1","v1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-0071.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}