[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-28642":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T20:55:29.923Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":200,"aliases":201,"duplicate_of":9,"upstream":204,"downstream":205,"duplicates":234,"related":235,"reserved_at":9,"published_at":247,"modified_at":248,"state":249,"summary":250,"references_raw":259,"kevs":294,"epss":295,"epss_history":298,"metrics":543,"affected":557},"CVE-2023-28642","runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.\n\n",null,[11,19],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-281","Improper Preservation of Permissions","The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.","weakness","Draft","Base",[],{"_key":20,"id":20,"name":21,"description":22,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":23,"capec":24},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","Medium",[25,106,167,196],{"id":26,"name":27,"techniques":28},"CAPEC-132","Symlink Attack",[29],{"id":30,"name":31,"tactics":32,"countermeasures":39},"T1547.009","Shortcut Modification",[33,36],{"id":34,"name":35},"TA0110","Persistence",{"id":37,"name":38},"TA0111","Privilege Escalation",[40,45,49,53,57,62,67,72,77,82,86,90,94,98,102],{"id":41,"name":42,"tactic":43},"D3-FA","File Analysis",{"name":44},"Detect",{"id":46,"name":47,"tactic":48},"D3-FIM","File Integrity Monitoring",{"name":44},{"id":50,"name":51,"tactic":52},"D3-DA","Dynamic Analysis",{"name":44},{"id":54,"name":55,"tactic":56},"D3-EFA","Emulated File Analysis",{"name":44},{"id":58,"name":59,"tactic":60},"D3-FEV","File Eviction",{"name":61},"Evict",{"id":63,"name":64,"tactic":65},"D3-DF","Decoy File",{"name":66},"Deceive",{"id":68,"name":69,"tactic":70},"D3-FE","File Encryption",{"name":71},"Harden",{"id":73,"name":74,"tactic":75},"D3-RF","Restore File",{"name":76},"Restore",{"id":78,"name":79,"tactic":80},"D3-CF","Content Filtering",{"name":81},"Isolate",{"id":83,"name":84,"tactic":85},"D3-LFP","Local File Permissions",{"name":81},{"id":87,"name":88,"tactic":89},"D3-RFAM","Remote File Access Mediation",{"name":81},{"id":91,"name":92,"tactic":93},"D3-CQ","Content Quarantine",{"name":81},{"id":95,"name":96,"tactic":97},"D3-CM","Content Modification",{"name":81},{"id":99,"name":100,"tactic":101},"D3-EAL","Executable Allowlisting",{"name":81},{"id":103,"name":104,"tactic":105},"D3-EDL","Executable Denylisting",{"name":81},{"id":107,"name":108,"techniques":109},"CAPEC-17","Using Malicious Files",[110,147],{"id":111,"name":112,"tactics":113,"countermeasures":125},"T1574.005","Executable Installer File Permissions Weakness",[114,115,116,119,122],{"id":34,"name":35},{"id":37,"name":38},{"id":117,"name":118},"TA0030","Defense Evasion",{"id":120,"name":121},"TA0005","Stealth",{"id":123,"name":124},"TA0104","Execution",[126,131,135,139,143],{"id":127,"name":128,"tactic":129},"D3-SWI","Software Inventory",{"name":130},"Model",{"id":132,"name":133,"tactic":134},"D3-AVE","Asset Vulnerability Enumeration",{"name":130},{"id":136,"name":137,"tactic":138},"D3-SBV","Service Binary Verification",{"name":44},{"id":140,"name":141,"tactic":142},"D3-SU","Software Update",{"name":71},{"id":144,"name":145,"tactic":146},"D3-RS","Restore Software",{"name":76},{"id":148,"name":149,"tactics":150,"countermeasures":156},"T1574.010","Services File Permissions Weakness",[151,152,153,154,155],{"id":34,"name":35},{"id":37,"name":38},{"id":117,"name":118},{"id":120,"name":121},{"id":123,"name":124},[157,159,161,163,165],{"id":127,"name":128,"tactic":158},{"name":130},{"id":132,"name":133,"tactic":160},{"name":130},{"id":136,"name":137,"tactic":162},{"name":44},{"id":140,"name":141,"tactic":164},{"name":71},{"id":144,"name":145,"tactic":166},{"name":76},{"id":168,"name":169,"techniques":170},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[171,178,185],{"id":172,"name":173,"tactics":174,"countermeasures":177},"T1027.006","HTML Smuggling",[175,176],{"id":117,"name":118},{"id":120,"name":121},[],{"id":179,"name":180,"tactics":181,"countermeasures":184},"T1027.009","Embedded Payloads",[182,183],{"id":117,"name":118},{"id":120,"name":121},[],{"id":186,"name":187,"tactics":188,"countermeasures":191},"T1564.009","Resource Forking",[189,190],{"id":117,"name":118},{"id":120,"name":121},[192],{"id":193,"name":194,"tactic":195},"D3-FFV","File Format Verification",{"name":81},{"id":197,"name":198,"techniques":199},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[202,203],"GHSA-g2j6-57v7-gm8c","GO-2023-1683",[],[206,208,210,212,214,216,218,220,222,224,226,228,230,232],{"_key":207},"SUSE-SU-2023:1726-1",{"_key":209},"UBUNTU-CVE-2023-28642",{"_key":211},"USN-6088-1",{"_key":213},"SUSE-SU-2023:2003-1",{"_key":215},"OPENSUSE-SU-2024:12826-1",{"_key":217},"DLA-3369-1",{"_key":219},"OPENSUSE-SU-2025:15424-1",{"_key":221},"MGASA-2023-0125",{"_key":223},"DEBIAN-CVE-2023-28642",{"_key":225},"USN-6088-2",{"_key":227},"RHSA-2023:6380",{"_key":229},"RHSA-2024:0564",{"_key":231},"RHSA-2023:6938",{"_key":233},"RHSA-2023:6939",[],[236,237,238,239,240,241,243,245],{"_key":207},{"_key":213},{"_key":215},{"_key":219},{"_key":221},{"_key":242},"CGA-959M-F2HX-94GG",{"_key":244},"CGA-JJ6C-2JWP-VGQ7",{"_key":246},"CGA-RRC4-39XR-5634","2023-03-29T18:15:48.957Z","2025-02-12T16:02:53.406Z","Modified",{"cisa_kev":251,"cisa_ransomware":251,"cisa_vendor":9,"epss_severity":252,"epss_score":253,"severity":254,"severity_score":255,"severity_version":256,"severity_source":257,"severity_vector":258,"severity_status":249},false,"low",0.00012,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",[260,271,277,281,285,290],{"url":261,"sources":262,"tags":265},"https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c",[263,257,264],"cve.org","osv_go",[266,267,268,269,270],"X Refsource CONFIRM","Patch","Vendor Advisory","WEB","Advisory",{"url":272,"sources":273,"tags":274},"https://github.com/opencontainers/runc/pull/3785",[263,257,264],[275,267,269,276],"X Refsource MISC","FIX",{"url":278,"sources":279,"tags":280},"https://security.netapp.com/advisory/ntap-20241206-0005/",[263,257],[],{"url":282,"sources":283,"tags":284},"https://nvd.nist.gov/vuln/detail/CVE-2023-28642",[264],[270],{"url":286,"sources":287,"tags":288},"https://github.com/opencontainers/runc",[264],[289],"PACKAGE",{"url":291,"sources":292,"tags":293},"https://security.netapp.com/advisory/ntap-20241206-0005",[264],[269],[],{"date":296,"score":253,"percentile":297},"2026-06-04",0.01863,[299,303,306,309,312,315,318,321,324,326,329,332,335,338,341,345,348,351,354,357,360,363,366,369,372,375,378,380,383,386,389,392,395,398,401,403,406,409,411,414,416,419,421,424,426,429,431,433,435,437,440,442,444,447,450,452,455,458,460,462,464,466,468,470,473,475,477,480,483,486,488,491,493,496,499,501,504,507,510,513,515,518,521,523,526,529,532,535,537,540],{"date":300,"score":301,"percentile":302},"2025-11-04",0.00011,0.00913,{"date":304,"score":301,"percentile":305},"2025-11-05",0.00923,{"date":307,"score":301,"percentile":308},"2025-11-06",0.00929,{"date":310,"score":301,"percentile":311},"2025-11-07",0.00931,{"date":313,"score":301,"percentile":314},"2025-11-08",0.0093,{"date":316,"score":301,"percentile":317},"2025-11-09",0.00928,{"date":319,"score":301,"percentile":320},"2025-11-10",0.00918,{"date":322,"score":301,"percentile":323},"2025-11-11",0.0092,{"date":325,"score":301,"percentile":323},"2025-11-12",{"date":327,"score":301,"percentile":328},"2025-11-13",0.00921,{"date":330,"score":301,"percentile":331},"2025-11-14",0.00924,{"date":333,"score":301,"percentile":334},"2025-11-15",0.00947,{"date":336,"score":301,"percentile":337},"2025-11-16",0.00948,{"date":339,"score":301,"percentile":340},"2025-11-17",0.00943,{"date":342,"score":343,"percentile":344},"2025-11-18",0.00042,0.08132,{"date":346,"score":301,"percentile":347},"2025-11-19",0.00461,{"date":349,"score":301,"percentile":350},"2025-11-20",0.00477,{"date":352,"score":301,"percentile":353},"2025-11-21",0.00988,{"date":355,"score":301,"percentile":356},"2025-11-22",0.00984,{"date":358,"score":301,"percentile":359},"2025-11-23",0.00975,{"date":361,"score":301,"percentile":362},"2025-11-24",0.00973,{"date":364,"score":301,"percentile":365},"2025-11-25",0.0097,{"date":367,"score":301,"percentile":368},"2025-11-26",0.00909,{"date":370,"score":301,"percentile":371},"2025-11-27",0.00907,{"date":373,"score":301,"percentile":374},"2025-11-28",0.00914,{"date":376,"score":301,"percentile":377},"2025-11-29",0.00935,{"date":379,"score":301,"percentile":340},"2025-11-30",{"date":381,"score":301,"percentile":382},"2025-12-01",0.00961,{"date":384,"score":301,"percentile":385},"2025-12-02",0.00954,{"date":387,"score":301,"percentile":388},"2025-12-03",0.00958,{"date":390,"score":301,"percentile":391},"2025-12-04",0.0095,{"date":393,"score":301,"percentile":394},"2025-12-05",0.0096,{"date":396,"score":301,"percentile":397},"2025-12-06",0.00962,{"date":399,"score":301,"percentile":400},"2025-12-07",0.00969,{"date":402,"score":301,"percentile":362},"2025-12-08",{"date":404,"score":301,"percentile":405},"2025-12-09",0.00986,{"date":407,"score":301,"percentile":408},"2025-12-10",0.00996,{"date":410,"score":301,"percentile":353},"2025-12-11",{"date":412,"score":301,"percentile":413},"2025-12-12",0.00985,{"date":415,"score":301,"percentile":362},"2025-12-13",{"date":417,"score":301,"percentile":418},"2025-12-14",0.00972,{"date":420,"score":301,"percentile":365},"2025-12-15",{"date":422,"score":301,"percentile":423},"2025-12-16",0.00974,{"date":425,"score":301,"percentile":359},"2025-12-17",{"date":427,"score":301,"percentile":428},"2025-12-18",0.00967,{"date":430,"score":301,"percentile":418},"2025-12-19",{"date":432,"score":301,"percentile":365},"2025-12-20",{"date":434,"score":301,"percentile":359},"2025-12-21",{"date":436,"score":301,"percentile":405},"2025-12-22",{"date":438,"score":301,"percentile":439},"2025-12-23",0.00982,{"date":441,"score":301,"percentile":439},"2025-12-24",{"date":443,"score":301,"percentile":413},"2025-12-25",{"date":445,"score":301,"percentile":446},"2025-12-26",0.00987,{"date":448,"score":301,"percentile":449},"2025-12-27",0.00994,{"date":451,"score":301,"percentile":413},"2025-12-28",{"date":453,"score":301,"percentile":454},"2025-12-29",0.00981,{"date":456,"score":301,"percentile":457},"2025-12-30",0.00979,{"date":459,"score":301,"percentile":359},"2025-12-31",{"date":461,"score":301,"percentile":439},"2026-01-01",{"date":463,"score":301,"percentile":457},"2026-01-02",{"date":465,"score":301,"percentile":356},"2026-01-03",{"date":467,"score":301,"percentile":365},"2026-01-04",{"date":469,"score":301,"percentile":362},"2026-01-05",{"date":471,"score":301,"percentile":472},"2026-01-06",0.00971,{"date":474,"score":301,"percentile":418},"2026-01-07",{"date":476,"score":301,"percentile":454},"2026-01-08",{"date":478,"score":301,"percentile":479},"2026-01-09",0.00995,{"date":481,"score":301,"percentile":482},"2026-01-10",0.00998,{"date":484,"score":301,"percentile":485},"2026-01-11",0.00997,{"date":487,"score":301,"percentile":485},"2026-01-12",{"date":489,"score":301,"percentile":490},"2026-01-13",0.01,{"date":492,"score":301,"percentile":482},"2026-01-14",{"date":494,"score":301,"percentile":495},"2026-01-15",0.01005,{"date":497,"score":301,"percentile":498},"2026-01-16",0.01013,{"date":500,"score":301,"percentile":498},"2026-01-17",{"date":502,"score":301,"percentile":503},"2026-01-18",0.01021,{"date":505,"score":301,"percentile":506},"2026-01-19",0.01023,{"date":508,"score":301,"percentile":509},"2026-01-20",0.01014,{"date":511,"score":301,"percentile":512},"2026-01-21",0.01009,{"date":514,"score":301,"percentile":498},"2026-01-22",{"date":516,"score":301,"percentile":517},"2026-01-23",0.01159,{"date":519,"score":301,"percentile":520},"2026-01-24",0.0116,{"date":522,"score":301,"percentile":520},"2026-01-25",{"date":524,"score":301,"percentile":525},"2026-01-26",0.01161,{"date":527,"score":301,"percentile":528},"2026-01-27",0.01153,{"date":530,"score":301,"percentile":531},"2026-01-28",0.01151,{"date":533,"score":301,"percentile":534},"2026-01-29",0.01157,{"date":536,"score":301,"percentile":520},"2026-01-30",{"date":538,"score":301,"percentile":539},"2026-01-31",0.01175,{"date":541,"score":301,"percentile":542},"2026-02-01",0.01204,[544,551,555],{"source":263,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":545,"cvss_v4_0":9},{"baseScore":546,"baseSeverity":547,"vectorString":548,"impactScore":549,"exploitabilityScore":550},6.1,"MEDIUM","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",6.2,4.6,{"source":257,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":552,"cvss_v4_0":9},{"baseScore":255,"baseSeverity":553,"vectorString":258,"impactScore":554,"exploitabilityScore":550},"HIGH",9.8,{"source":264,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":556,"cvss_v4_0":9},{"baseScore":546,"baseSeverity":9,"vectorString":548,"impactScore":549,"exploitabilityScore":550},[558,571,578],{"ecosystem":559,"name":560,"vendor":561,"product":562,"cpe_part":9,"purl_type":563,"purl_namespace":561,"purl_name":562,"source":9,"versions":564},"Go","github.com/opencontainers/runc","github.com/opencontainers","runc","golang",[565],{"version":566,"is_range":567,"range_type":568,"version_start":9,"version_start_type":9,"version_end":569,"version_end_type":570,"fixed_in":9},"lt1_1_5",true,"semver","1.1.5","excluding",{"ecosystem":9,"name":562,"vendor":572,"product":562,"cpe_part":573,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":574},"linuxfoundation","a",[575],{"version":576,"is_range":567,"range_type":577,"version_start":9,"version_start_type":9,"version_end":569,"version_end_type":570,"fixed_in":9},"lt1.1.5","cpe",{"ecosystem":9,"name":562,"vendor":579,"product":562,"cpe_part":573,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":580},"opencontainers",[581],{"version":582,"is_range":567,"range_type":263,"version_start":9,"version_start_type":9,"version_end":569,"version_end_type":570,"fixed_in":9},"\u003C 1.1.5"]