boxlite 0.8.2

Direct Vulnerabilities

Known vulnerabilities in the boxlite package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Resource Shutdown or Release boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource exhaustion and impact service availability by bypassing the intended timeout and allowing malicious code to continue running after the timeout is triggered. How to fix Improper Resource Shutdown or Release? A fix was pushed into the `master` branch but not yet published.	[0,)
M Symlink Attack boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to locations outside the intended extraction root by crafting a layer with a symlink pointing to an absolute host path and including file entries that traverse this symlink. How to fix Symlink Attack? Upgrade `boxlite` to version 0.9.0 or higher.	[,0.9.0)
H Improper Isolation or Compartmentalization boxlite is a Python bindings for Boxlite runtime Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthorized write access to the host filesystem by remounting a shared directory as read-write from within the guest environment. How to fix Improper Isolation or Compartmentalization? Upgrade `boxlite` to version 0.9.0 or higher.	[,0.9.0)

Vulnerability

Vulnerable Version

Improper Resource Shutdown or Release

boxlite is a Python bindings for Boxlite runtime

Affected versions of this package are vulnerable to Improper Resource Shutdown or Release due to improper handling of process termination signals in the timeout mechanism by using the catchable SIGALRM signal instead of the uncatchable SIGKILL signal. An attacker can cause resource exhaustion and impact service availability by bypassing the intended timeout and allowing malicious code to continue running after the timeout is triggered.

How to fix Improper Resource Shutdown or Release?

A fix was pushed into the master branch but not yet published.

[0,)

Symlink Attack

boxlite is a Python bindings for Boxlite runtime

Affected versions of this package are vulnerable to Symlink Attack via improper path resolution during extraction of OCI image layer tarballs. An attacker can write arbitrary files to locations outside the intended extraction root by crafting a layer with a symlink pointing to an absolute host path and including file entries that traverse this symlink.

How to fix Symlink Attack?

Upgrade boxlite to version 0.9.0 or higher.

[,0.9.0)

Improper Isolation or Compartmentalization

boxlite is a Python bindings for Boxlite runtime

Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the mounting of host directories in read-only mode into VM. An attacker can gain unauthorized write access to the host filesystem by remounting a shared directory as read-write from within the guest environment.

How to fix Improper Isolation or Compartmentalization?

Upgrade boxlite to version 0.9.0 or higher.

[,0.9.0)

boxlite@0.8.2

Python bindings for Boxlite runtime

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically