[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-0132":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":28,"aliases":43,"duplicate_of":9,"upstream":46,"downstream":47,"duplicates":58,"related":59,"reserved_at":9,"published_at":67,"modified_at":68,"state":69,"summary":70,"references_raw":78,"kevs":109,"epss":110,"epss_history":113,"metrics":369,"affected":386},"CVE-2024-0132","NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-367","Time-of-check Time-of-use (TOCTOU) Race Condition","The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.","weakness","Incomplete","Base","Medium",[20,24],{"id":21,"name":22,"techniques":23},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":25,"name":26,"techniques":27},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],[29],{"_key":30,"name":31,"source":32,"url":33,"maturity":34,"reliability_score":35,"verified":36,"type":37,"platforms":38,"requires_auth":9,"exploitdb":40,"metasploit":9},"52095","NVIDIA Container Toolkit 1.16.1 - Time-of-check Time-of-Use (TOCTOU)","exploit-database","https://www.exploit-db.com/exploits/52095","poc",0.5,false,"local",[39],"linux",{"verified":36,"type":37,"platform":39,"file":41,"codes":42},"exploits/linux/local/52095.txt",[7],[44,45],"GHSA-mjjw-553x-87pq","GO-2024-3239",[],[48,50,52,54,56],{"_key":49},"OPENSUSE-SU-2024:0350-1",{"_key":51},"SUSE-SU-2024:3950-1",{"_key":53},"OPENSUSE-SU-2024:14458-1",{"_key":55},"SUSE-SU-2025:4187-1",{"_key":57},"SUSE-SU-2026:0558-1",[],[60,61,62,63,64,65],{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":66},"CGA-MFV9-CW75-PQ37","2024-09-26T05:18:33.211Z","2024-09-27T03:55:16.649Z","Analyzed",{"cisa_kev":36,"cisa_ransomware":36,"cisa_vendor":9,"epss_severity":71,"epss_score":72,"severity":73,"severity_score":74,"severity_version":75,"severity_source":76,"severity_vector":77,"severity_status":69},"low",0.03913,"critical",9,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",[79,87,91,95,100,104],{"url":80,"sources":81,"tags":84},"https://nvidia.custhelp.com/app/answers/detail/a_id/5582",[76,82,83],"nvd","osv_go",[85,86],"Vendor Advisory","WEB",{"url":88,"sources":89,"tags":90},"https://github.com/NVIDIA/gpu-operator/security/advisories/GHSA-95rf-r6p4-44h7",[83],[86],{"url":92,"sources":93,"tags":94},"https://github.com/NVIDIA/libnvidia-container/security/advisories/GHSA-q2v4-jw5g-9xxj",[83],[86],{"url":96,"sources":97,"tags":98},"https://github.com/NVIDIA/nvidia-container-toolkit/security/advisories/GHSA-mjjw-553x-87pq",[83],[86,99],"Advisory",{"url":101,"sources":102,"tags":103},"https://nvd.nist.gov/vuln/detail/CVE-2024-0132",[83],[99],{"url":105,"sources":106,"tags":107},"https://github.com/NVIDIA/nvidia-container-toolkit",[83],[108],"PACKAGE",[],{"date":111,"score":72,"percentile":112},"2026-06-04",0.88507,[114,118,122,125,128,131,134,136,139,142,145,148,150,153,156,160,163,166,169,172,175,178,181,183,185,188,191,193,196,199,201,204,207,210,213,216,219,222,225,228,231,233,236,239,242,244,246,249,251,254,256,259,262,265,268,271,274,277,280,283,285,288,291,294,296,299,302,304,307,309,311,314,317,320,323,326,329,332,334,336,339,342,345,348,351,354,357,360,363,366],{"date":115,"score":116,"percentile":117},"2025-11-04",0.02996,0.86052,{"date":119,"score":120,"percentile":121},"2025-11-05",0.02917,0.85876,{"date":123,"score":120,"percentile":124},"2025-11-06",0.85879,{"date":126,"score":120,"percentile":127},"2025-11-07",0.85889,{"date":129,"score":120,"percentile":130},"2025-11-08",0.85892,{"date":132,"score":120,"percentile":133},"2025-11-09",0.85887,{"date":135,"score":120,"percentile":133},"2025-11-10",{"date":137,"score":120,"percentile":138},"2025-11-11",0.85891,{"date":140,"score":120,"percentile":141},"2025-11-12",0.85902,{"date":143,"score":120,"percentile":144},"2025-11-13",0.85908,{"date":146,"score":120,"percentile":147},"2025-11-14",0.8591,{"date":149,"score":120,"percentile":141},"2025-11-15",{"date":151,"score":120,"percentile":152},"2025-11-16",0.85901,{"date":154,"score":120,"percentile":155},"2025-11-17",0.85886,{"date":157,"score":158,"percentile":159},"2025-11-18",0.07137,0.90654,{"date":161,"score":158,"percentile":162},"2025-11-19",0.90658,{"date":164,"score":158,"percentile":165},"2025-11-20",0.90662,{"date":167,"score":116,"percentile":168},"2025-11-21",0.86071,{"date":170,"score":116,"percentile":171},"2025-11-22",0.86065,{"date":173,"score":116,"percentile":174},"2025-11-23",0.8606,{"date":176,"score":116,"percentile":177},"2025-11-24",0.86063,{"date":179,"score":116,"percentile":180},"2025-11-25",0.86062,{"date":182,"score":116,"percentile":180},"2025-11-26",{"date":184,"score":116,"percentile":177},"2025-11-27",{"date":186,"score":116,"percentile":187},"2025-11-28",0.8604,{"date":189,"score":116,"percentile":190},"2025-11-29",0.86111,{"date":192,"score":116,"percentile":190},"2025-11-30",{"date":194,"score":116,"percentile":195},"2025-12-01",0.86164,{"date":197,"score":116,"percentile":198},"2025-12-02",0.86166,{"date":200,"score":116,"percentile":198},"2025-12-03",{"date":202,"score":116,"percentile":203},"2025-12-04",0.86106,{"date":205,"score":116,"percentile":206},"2025-12-05",0.86108,{"date":208,"score":116,"percentile":209},"2025-12-06",0.86103,{"date":211,"score":116,"percentile":212},"2025-12-07",0.8609,{"date":214,"score":116,"percentile":215},"2025-12-08",0.86091,{"date":217,"score":116,"percentile":218},"2025-12-09",0.86098,{"date":220,"score":116,"percentile":221},"2025-12-10",0.86117,{"date":223,"score":116,"percentile":224},"2025-12-11",0.86123,{"date":226,"score":116,"percentile":227},"2025-12-12",0.86125,{"date":229,"score":116,"percentile":230},"2025-12-13",0.8612,{"date":232,"score":116,"percentile":190},"2025-12-14",{"date":234,"score":116,"percentile":235},"2025-12-15",0.86105,{"date":237,"score":120,"percentile":238},"2025-12-16",0.85938,{"date":240,"score":120,"percentile":241},"2025-12-17",0.85944,{"date":243,"score":116,"percentile":224},"2025-12-18",{"date":245,"score":116,"percentile":227},"2025-12-19",{"date":247,"score":116,"percentile":248},"2025-12-20",0.86121,{"date":250,"score":116,"percentile":227},"2025-12-21",{"date":252,"score":116,"percentile":253},"2025-12-22",0.86116,{"date":255,"score":116,"percentile":248},"2025-12-23",{"date":257,"score":116,"percentile":258},"2025-12-24",0.86127,{"date":260,"score":116,"percentile":261},"2025-12-25",0.86139,{"date":263,"score":116,"percentile":264},"2025-12-26",0.86142,{"date":266,"score":116,"percentile":267},"2025-12-27",0.86189,{"date":269,"score":120,"percentile":270},"2025-12-28",0.85963,{"date":272,"score":120,"percentile":273},"2025-12-29",0.85958,{"date":275,"score":120,"percentile":276},"2025-12-30",0.85966,{"date":278,"score":120,"percentile":279},"2025-12-31",0.85974,{"date":281,"score":120,"percentile":282},"2026-01-01",0.86034,{"date":284,"score":120,"percentile":282},"2026-01-02",{"date":286,"score":120,"percentile":287},"2026-01-03",0.86033,{"date":289,"score":120,"percentile":290},"2026-01-04",0.85973,{"date":292,"score":120,"percentile":293},"2026-01-05",0.85972,{"date":295,"score":120,"percentile":290},"2026-01-06",{"date":297,"score":120,"percentile":298},"2026-01-07",0.85975,{"date":300,"score":120,"percentile":301},"2026-01-08",0.85984,{"date":303,"score":120,"percentile":301},"2026-01-09",{"date":305,"score":120,"percentile":306},"2026-01-10",0.8598,{"date":308,"score":120,"percentile":298},"2026-01-11",{"date":310,"score":120,"percentile":293},"2026-01-12",{"date":312,"score":120,"percentile":313},"2026-01-13",0.85967,{"date":315,"score":120,"percentile":316},"2026-01-14",0.85982,{"date":318,"score":120,"percentile":319},"2026-01-15",0.85981,{"date":321,"score":120,"percentile":322},"2026-01-16",0.85987,{"date":324,"score":120,"percentile":325},"2026-01-17",0.8599,{"date":327,"score":120,"percentile":328},"2026-01-18",0.85989,{"date":330,"score":120,"percentile":331},"2026-01-19",0.85985,{"date":333,"score":120,"percentile":301},"2026-01-20",{"date":335,"score":120,"percentile":328},"2026-01-21",{"date":337,"score":120,"percentile":338},"2026-01-22",0.85993,{"date":340,"score":120,"percentile":341},"2026-01-23",0.86007,{"date":343,"score":120,"percentile":344},"2026-01-24",0.86015,{"date":346,"score":120,"percentile":347},"2026-01-25",0.8601,{"date":349,"score":120,"percentile":350},"2026-01-26",0.86008,{"date":352,"score":120,"percentile":353},"2026-01-27",0.86014,{"date":355,"score":120,"percentile":356},"2026-01-28",0.86019,{"date":358,"score":120,"percentile":359},"2026-01-29",0.86022,{"date":361,"score":120,"percentile":362},"2026-01-30",0.86028,{"date":364,"score":120,"percentile":365},"2026-01-31",0.86027,{"date":367,"score":120,"percentile":368},"2026-02-01",0.86092,[370,375,381],{"source":76,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":371,"cvss_v4_0":9},{"baseScore":74,"baseSeverity":372,"vectorString":77,"impactScore":373,"exploitabilityScore":374},"CRITICAL",10,5.9,{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":376,"cvss_v4_0":9},{"baseScore":377,"baseSeverity":378,"vectorString":379,"impactScore":373,"exploitabilityScore":380},8.3,"HIGH","CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",4.1,{"source":83,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":382,"cvss_v4_0":383},{"baseScore":74,"baseSeverity":9,"vectorString":77,"impactScore":373,"exploitabilityScore":374},{"baseScore":384,"baseSeverity":9,"vectorString":385,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",[387,400,409,415,422],{"ecosystem":388,"name":389,"vendor":390,"product":391,"cpe_part":9,"purl_type":392,"purl_namespace":390,"purl_name":391,"source":9,"versions":393},"Go","github.com/NVIDIA/nvidia-container-toolkit","github.com/NVIDIA","nvidia-container-toolkit","golang",[394],{"version":395,"is_range":396,"range_type":397,"version_start":9,"version_start_type":9,"version_end":398,"version_end_type":399,"fixed_in":9},"lt1_16_2",true,"semver","1.16.2","excluding",{"ecosystem":9,"name":401,"vendor":402,"product":403,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":405},"Container Toolkit","nvidia","container toolkit","a",[406],{"version":407,"is_range":36,"range_type":76,"version_start":407,"version_start_type":408,"version_end":407,"version_end_type":408,"fixed_in":9},"All versions up to and including v1.16.1","including",{"ecosystem":9,"name":410,"vendor":402,"product":411,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":412},"GPU Operator","gpu operator",[413],{"version":414,"is_range":36,"range_type":76,"version_start":414,"version_start_type":408,"version_end":414,"version_end_type":408,"fixed_in":9},"All versions up to and including 24.6.1",{"ecosystem":9,"name":416,"vendor":402,"product":417,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":418},"nvidia container toolkit","nvidia_container_toolkit",[419],{"version":420,"is_range":396,"range_type":421,"version_start":9,"version_start_type":9,"version_end":398,"version_end_type":399,"fixed_in":9},"lt1.16.2","cpe",{"ecosystem":9,"name":423,"vendor":402,"product":424,"cpe_part":404,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":425},"nvidia gpu operator","nvidia_gpu_operator",[426],{"version":427,"is_range":396,"range_type":421,"version_start":9,"version_start_type":9,"version_end":428,"version_end_type":399,"fixed_in":9},"lt24.6.2","24.6.2"]