{"id":"GO-2021-0087","summary":"Race condition in github.com/opencontainers/runc","details":"A race while mounting volumes allows a possible symlink-exchange attack, allowing a user whom can start multiple containers with custom volume mount configurations to escape the container.","aliases":["CVE-2019-19921","GHSA-fh74-hm69-rqjw"],"modified":"2026-02-04T03:07:02.484214Z","published":"2021-04-14T20:04:52Z","related":["CGA-9m6c-x7j6-hq56"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2021-0087","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/opencontainers/runc/pull/2207"},{"type":"FIX","url":"https://github.com/opencontainers/runc/commit/2fc03cc11c775b7a8b2e48d7ee447cb9bef32ad0"},{"type":"WEB","url":"https://github.com/opencontainers/runc/issues/2197"}],"affected":[{"package":{"name":"github.com/opencontainers/runc","ecosystem":"Go","purl":"pkg:golang/github.com/opencontainers/runc"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.0.0-rc9.0.20200122160610-2fc03cc11c77"}]}],"ecosystem_specific":{"imports":[{"symbols":["mountToRootfs"],"path":"github.com/opencontainers/runc/libcontainer"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2021-0087.json"}}],"schema_version":"1.7.3","credits":[{"name":"Leopold Schabel"}]}