[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2019-18466":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":205,"duplicate_of":9,"upstream":208,"downstream":209,"duplicates":218,"related":219,"reserved_at":9,"published_at":222,"modified_at":223,"state":224,"summary":225,"references_raw":233,"kevs":284,"epss":285,"epss_history":288,"metrics":547,"affected":560},"CVE-2019-18466","An issue was discovered in Podman in libpod before 1.6.0. It resolves a symlink in the host context during a copy operation from the container to the host, because an undesired glob operation occurs. An attacker could create a container image containing particular symlinks that, when copied by a victim user to the host filesystem, may overwrite existing files with others from the host.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[196],{"_key":197,"name":198,"source":199,"url":200,"maturity":201,"reliability_score":202,"verified":203,"type":9,"platforms":204,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_CONTAINERS_LIBPOD","Libpod","github","https://github.com/containers/libpod/issues/3829","poc",0.3,false,[],[206,207],"GHSA-r34v-gqmw-qvgj","GO-2023-1942",[],[210,212,214,216],{"_key":211},"SUSE-SU-2020:0697-1",{"_key":213},"OPENSUSE-SU-2020:0398-1",{"_key":215},"RHSA-2020:1227",{"_key":217},"RHSA-2019:4269",[],[220,221],{"_key":211},{"_key":213},"2019-10-28T12:37:00.000Z","2024-08-05T01:54:14.351Z","Modified",{"cisa_kev":203,"cisa_ransomware":203,"cisa_vendor":9,"epss_severity":226,"epss_score":227,"severity":228,"severity_score":229,"severity_version":230,"severity_source":231,"severity_vector":232,"severity_status":224},"low",0.00839,"medium",5.8,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:P",[234,244,249,255,259,265,270,275,280],{"url":235,"sources":236,"tags":239},"https://bugzilla.redhat.com/show_bug.cgi?id=1744588",[237,231,238],"cve.org","osv_go",[240,241,242,243],"X Refsource MISC","Issue Tracking","Third Party Advisory","WEB",{"url":200,"sources":245,"tags":246},[237,231,238],[240,247,242,243,248],"Exploit","REPORT",{"url":250,"sources":251,"tags":252},"https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e",[237,231,238],[240,253,243,254],"Patch","FIX",{"url":256,"sources":257,"tags":258},"https://github.com/containers/libpod/compare/v1.5.1...v1.6.0",[237,231,238],[240,253,243],{"url":260,"sources":261,"tags":262},"https://access.redhat.com/errata/RHSA-2019:4269",[237,231,238],[263,264,243],"Vendor Advisory","X Refsource REDHAT",{"url":266,"sources":267,"tags":268},"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html",[237,231],[263,269],"X Refsource SUSE",{"url":271,"sources":272,"tags":273},"https://nvd.nist.gov/vuln/detail/CVE-2019-18466",[238],[274],"Advisory",{"url":276,"sources":277,"tags":278},"https://github.com/containers/libpod",[238],[279],"PACKAGE",{"url":281,"sources":282,"tags":283},"https://github.com/advisories/GHSA-r34v-gqmw-qvgj",[238],[274],[],{"date":286,"score":227,"percentile":287},"2026-06-04",0.75056,[289,292,295,298,300,303,306,309,311,314,317,320,323,326,328,332,335,338,341,344,347,350,352,355,357,360,363,366,369,372,375,378,381,383,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439,442,445,447,449,452,455,458,460,463,466,469,472,475,478,481,484,487,490,493,496,499,502,505,507,510,513,516,519,522,525,528,530,533,536,538,541,544],{"date":290,"score":227,"percentile":291},"2025-11-04",0.73943,{"date":293,"score":227,"percentile":294},"2025-11-05",0.73927,{"date":296,"score":227,"percentile":297},"2025-11-06",0.73925,{"date":299,"score":227,"percentile":291},"2025-11-07",{"date":301,"score":227,"percentile":302},"2025-11-08",0.73942,{"date":304,"score":227,"percentile":305},"2025-11-09",0.73936,{"date":307,"score":227,"percentile":308},"2025-11-10",0.73921,{"date":310,"score":227,"percentile":297},"2025-11-11",{"date":312,"score":227,"percentile":313},"2025-11-12",0.73946,{"date":315,"score":227,"percentile":316},"2025-11-13",0.73952,{"date":318,"score":227,"percentile":319},"2025-11-14",0.73958,{"date":321,"score":227,"percentile":322},"2025-11-15",0.73955,{"date":324,"score":227,"percentile":325},"2025-11-16",0.73951,{"date":327,"score":227,"percentile":302},"2025-11-17",{"date":329,"score":330,"percentile":331},"2025-11-18",0.01069,0.75844,{"date":333,"score":330,"percentile":334},"2025-11-19",0.7585,{"date":336,"score":330,"percentile":337},"2025-11-20",0.75861,{"date":339,"score":227,"percentile":340},"2025-11-21",0.73956,{"date":342,"score":227,"percentile":343},"2025-11-22",0.73948,{"date":345,"score":227,"percentile":346},"2025-11-23",0.73932,{"date":348,"score":227,"percentile":349},"2025-11-24",0.73929,{"date":351,"score":227,"percentile":349},"2025-11-25",{"date":353,"score":227,"percentile":354},"2025-11-26",0.73934,{"date":356,"score":227,"percentile":305},"2025-11-27",{"date":358,"score":227,"percentile":359},"2025-11-28",0.73926,{"date":361,"score":227,"percentile":362},"2025-11-29",0.73922,{"date":364,"score":227,"percentile":365},"2025-11-30",0.73916,{"date":367,"score":227,"percentile":368},"2025-12-01",0.74047,{"date":370,"score":227,"percentile":371},"2025-12-02",0.74055,{"date":373,"score":227,"percentile":374},"2025-12-03",0.74054,{"date":376,"score":227,"percentile":377},"2025-12-04",0.73924,{"date":379,"score":227,"percentile":380},"2025-12-05",0.73935,{"date":382,"score":227,"percentile":380},"2025-12-06",{"date":384,"score":227,"percentile":305},"2025-12-07",{"date":386,"score":227,"percentile":387},"2025-12-08",0.7394,{"date":389,"score":227,"percentile":390},"2025-12-09",0.7397,{"date":392,"score":227,"percentile":393},"2025-12-10",0.74003,{"date":395,"score":227,"percentile":396},"2025-12-11",0.74018,{"date":398,"score":227,"percentile":399},"2025-12-12",0.74042,{"date":401,"score":227,"percentile":402},"2025-12-13",0.74046,{"date":404,"score":227,"percentile":405},"2025-12-14",0.74044,{"date":407,"score":227,"percentile":408},"2025-12-15",0.74048,{"date":410,"score":227,"percentile":411},"2025-12-16",0.74059,{"date":413,"score":227,"percentile":414},"2025-12-17",0.74069,{"date":416,"score":227,"percentile":417},"2025-12-18",0.74092,{"date":419,"score":227,"percentile":420},"2025-12-19",0.74109,{"date":422,"score":227,"percentile":423},"2025-12-20",0.74107,{"date":425,"score":227,"percentile":426},"2025-12-21",0.741,{"date":428,"score":227,"percentile":429},"2025-12-22",0.74102,{"date":431,"score":227,"percentile":432},"2025-12-23",0.74093,{"date":434,"score":227,"percentile":435},"2025-12-24",0.74104,{"date":437,"score":227,"percentile":438},"2025-12-25",0.74132,{"date":440,"score":227,"percentile":441},"2025-12-26",0.74128,{"date":443,"score":227,"percentile":444},"2025-12-27",0.74159,{"date":446,"score":227,"percentile":423},"2025-12-28",{"date":448,"score":227,"percentile":426},"2025-12-29",{"date":450,"score":227,"percentile":451},"2025-12-30",0.74117,{"date":453,"score":227,"percentile":454},"2025-12-31",0.74145,{"date":456,"score":227,"percentile":457},"2026-01-01",0.74287,{"date":459,"score":227,"percentile":457},"2026-01-02",{"date":461,"score":227,"percentile":462},"2026-01-03",0.74289,{"date":464,"score":227,"percentile":465},"2026-01-04",0.74157,{"date":467,"score":227,"percentile":468},"2026-01-05",0.74149,{"date":470,"score":227,"percentile":471},"2026-01-06",0.74166,{"date":473,"score":227,"percentile":474},"2026-01-07",0.74172,{"date":476,"score":227,"percentile":477},"2026-01-08",0.74185,{"date":479,"score":227,"percentile":480},"2026-01-09",0.74192,{"date":482,"score":227,"percentile":483},"2026-01-10",0.74187,{"date":485,"score":227,"percentile":486},"2026-01-11",0.74175,{"date":488,"score":227,"percentile":489},"2026-01-12",0.74165,{"date":491,"score":227,"percentile":492},"2026-01-13",0.74164,{"date":494,"score":227,"percentile":495},"2026-01-14",0.74188,{"date":497,"score":227,"percentile":498},"2026-01-15",0.74197,{"date":500,"score":227,"percentile":501},"2026-01-16",0.74213,{"date":503,"score":227,"percentile":504},"2026-01-17",0.7421,{"date":506,"score":227,"percentile":477},"2026-01-18",{"date":508,"score":227,"percentile":509},"2026-01-19",0.74176,{"date":511,"score":227,"percentile":512},"2026-01-20",0.74181,{"date":514,"score":227,"percentile":515},"2026-01-21",0.74184,{"date":517,"score":227,"percentile":518},"2026-01-22",0.7419,{"date":520,"score":227,"percentile":521},"2026-01-23",0.74219,{"date":523,"score":227,"percentile":524},"2026-01-24",0.74228,{"date":526,"score":227,"percentile":527},"2026-01-25",0.74212,{"date":529,"score":227,"percentile":504},"2026-01-26",{"date":531,"score":227,"percentile":532},"2026-01-27",0.74218,{"date":534,"score":227,"percentile":535},"2026-01-28",0.7423,{"date":537,"score":227,"percentile":524},"2026-01-29",{"date":539,"score":227,"percentile":540},"2026-01-30",0.74231,{"date":542,"score":227,"percentile":543},"2026-01-31",0.74235,{"date":545,"score":227,"percentile":546},"2026-02-01",0.74356,[548,558],{"source":231,"cvss_v2_0":549,"cvss_v3_0":9,"cvss_v3_1":552,"cvss_v4_0":9},{"baseScore":229,"baseSeverity":9,"vectorString":232,"impactScore":550,"exploitabilityScore":551},4.9,8.6,{"baseScore":553,"baseSeverity":554,"vectorString":555,"impactScore":556,"exploitabilityScore":557},5.5,"MEDIUM","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",6,4.6,{"source":238,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":559,"cvss_v4_0":9},{"baseScore":553,"baseSeverity":9,"vectorString":555,"impactScore":556,"exploitabilityScore":557},[561,574,580,585,590,596],{"ecosystem":562,"name":563,"vendor":564,"product":565,"cpe_part":9,"purl_type":566,"purl_namespace":564,"purl_name":565,"source":9,"versions":567},"Go","github.com/containers/libpod","github.com/containers","libpod","golang",[568],{"version":569,"is_range":570,"range_type":571,"version_start":9,"version_start_type":9,"version_end":572,"version_end_type":573,"fixed_in":9},"lt1_6_0",true,"semver","1.6.0","excluding",{"ecosystem":562,"name":575,"vendor":564,"product":576,"cpe_part":9,"purl_type":566,"purl_namespace":564,"purl_name":576,"source":9,"versions":577},"github.com/containers/podman","podman",[578],{"version":579,"is_range":570,"range_type":571,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"all",{"ecosystem":562,"name":581,"vendor":575,"product":582,"cpe_part":9,"purl_type":566,"purl_namespace":575,"purl_name":582,"source":9,"versions":583},"github.com/containers/podman/v2","v2",[584],{"version":579,"is_range":570,"range_type":571,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":562,"name":586,"vendor":575,"product":587,"cpe_part":9,"purl_type":566,"purl_namespace":575,"purl_name":587,"source":9,"versions":588},"github.com/containers/podman/v3","v3",[589],{"version":579,"is_range":570,"range_type":571,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":562,"name":591,"vendor":575,"product":592,"cpe_part":9,"purl_type":566,"purl_namespace":575,"purl_name":592,"source":9,"versions":593},"github.com/containers/podman/v4","v4",[594,595],{"version":569,"is_range":570,"range_type":571,"version_start":9,"version_start_type":9,"version_end":572,"version_end_type":573,"fixed_in":9},{"version":579,"is_range":570,"range_type":571,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},{"ecosystem":9,"name":565,"vendor":597,"product":565,"cpe_part":598,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":599},"libpod_project","a",[600],{"version":601,"is_range":570,"range_type":602,"version_start":9,"version_start_type":9,"version_end":572,"version_end_type":573,"fixed_in":9},"lt1.6.0","cpe"]