aikido.dev Secure My Code

Intel/AIKIDO-2024-10376

AIKIDO-2024-10376

github.com/containers/storage is vulnerable to Path Traversal

Path TraversalCVE-2024-9676 Published Oct 28, 2024

65

Medium Risk

This Affects:

github.com/containers/storage

1.17.0 - 1.51.1

Fixed in 1.51.2

1.52.0 - 1.55.0

Fixed in 1.55.1

Are you affected? Scan for Free

TL;DR

Affected versions of this package are vulnerable to path traversal. The containers/storage library improperly validates symlinks when attempting to read /etc/passwd inside the container, which allows an attacker to exploit this weakness and read arbitrary files on the host.

Who does this affect?

You are affected if you are using a version that falls within the vulnerable range.

Background info

github.com/containers/storage is vulnerable to Path Traversal in versions 1.17.0 - 1.51.1 and 1.52.0 - 1.55.0.

How to fix this

Upgrade the github.com/containers/storage library to a patch version.

65

Medium Risk

This Affects:

github.com/containers/storage

1.17.0 - 1.51.1

Fixed in 1.51.2

1.52.0 - 1.55.0

Fixed in 1.55.1

Are you affected? Scan for Free

Links

CVE Detail

github.com/advisories/GHSA-wq2p-5pc6-wpgf

GitHub Release

github.com/containers/storage/releases/tag/v1.51.2

Fix Commit

github.com/containers/storage/commit/935c58f4b3e364a9c9d33ed06476a831e6ad5679

Other

access.redhat.com/errata/RHSA-2024:10289

access.redhat.com/errata/RHSA-2024:8418

access.redhat.com/errata/RHSA-2024:8428

access.redhat.com/errata/RHSA-2024:8437

access.redhat.com/errata/RHSA-2024:8686

access.redhat.com/errata/RHSA-2024:8690

access.redhat.com/errata/RHSA-2024:8694

access.redhat.com/errata/RHSA-2024:8700

access.redhat.com/errata/RHSA-2024:8984

access.redhat.com/errata/RHSA-2024:9051

access.redhat.com/errata/RHSA-2024:9454

access.redhat.com/errata/RHSA-2024:9459

access.redhat.com/errata/RHSA-2024:9926

access.redhat.com/errata/RHSA-2025:0876

access.redhat.com/errata/RHSA-2025:2454

access.redhat.com/errata/RHSA-2025:2710

access.redhat.com/errata/RHSA-2025:3301

access.redhat.com/security/cve/CVE-2024-9676

bugzilla.redhat.com/show_bug.cgi?id=2317467

Are You Affected?

Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.

Free. No credit card required.

Aikido Platform

Company

Resources

Industries

Use Cases

Compare

Legal

Connect

hello@aikido.dev

Security

Subscribe

Stay up to date with all updates

LinkedIn YouTube X

© 2026 Aikido Security BV | BE0792914919

Keizer Karelstraat 15, 9000, Ghent, Belgium

95 Third St, 2nd Fl, San Francisco, CA 94103, US

Unit 6.15 Runway East 18 18 Crucifix Ln, London SE1 3JW UK

Ghent, Belgium | San Francisco, US

SOC 2

ISO 27001

ISO 27001Compliant

Get Security Done