Time-of-check Time-of-use (TOCTOU) Race Condition Affecting iSulad package, versions [0,]
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Integrity
High
Availability
High
Threat Intelligence
EPSS
0.04% (10th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-ISULAD-6495523
- published 26 Mar 2024
- disclosed 25 Mar 2024
- credit xuxuepeng
Introduced: 25 Mar 2024
CVE-2021-33632 Open this link in a new tabHow to fix?
A fix was pushed into the master
branch but not yet published.
Overview
Affected versions of this package are vulnerable to Time-of-check Time-of-use (TOCTOU) Race Condition due to the improper handling of file states during certain operations. An attacker can exploit this flaw to manipulate files or actions between the check and use phases, potentially leading to unauthorized actions or information disclosure.