Tool Description: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Due Date: 2022-11-03
A low severity vulnerability has been discovered in your project.
Project Name: twrap-go
Scanner Name: trivy
Cwe ID: 362
Cwe Name: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)
Cwe Link: https://cwe.mitre.org/data/definitions/362.html
CVE ID: CVE-2017-18018
Target: redis:latest (debian 11.5)
Packages:
References:
Tool Description: In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race condition.
Custom Description: asdas
Kondukto Link: http://79.kondukto.local/projects/634fe837a5be8478724352c4/vulns/appsec?page=1&perPage=15&id=in:636247699538740807b6fc45 Deeplink: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18018