Affected by GO-2022-0426 and 6 other vulnerabilities

GO-2022-0426: Incorrect Default Permissions in CRI-O in github.com/cri-o/cri-o

GO-2022-0480: Node DOS by way of memory exhaustion through ExecSync request in CRI-O in github.com/cri-o/cri-o

GO-2022-0608: Incorrect Permission Assignment for Critical Resource in CRI-O in github.com/cri-o/cri-o

GO-2022-1014: CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure in github.com/cri-o/cri-o

GO-2022-1206: CRI-O vulnerable to /etc/passwd tampering resulting in Privilege Escalation in github.com/cri-o/cri-o

GO-2024-2458: CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o

GO-2024-2791: CRI-O vulnerable to an arbitrary systemd property injection in github.com/cri-o/cri-o

cmd/

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Path	Synopsis
crio
crio-config