Tool Description: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
A low severity vulnerability has been discovered in your project.
Project Name: IssueTest
Scanner Name: trivy
Cwe ID: 362
Cwe Name: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
Cwe Link: https://cwe.mitre.org/data/definitions/362.html
CVE ID: CVE-2017-18018
Target: nginx:latest (debian 11.3)
Packages:
References:
Tool Description: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Custom Description: test