rootlesskit icon indicating copy to clipboard operation
rootlesskit copied to clipboard
verified publisher icon rootless-containers

[release/2.3] go.mod: github.com/containernetworking/plugins v1.9.0

Open AkihiroSuda opened this issue 2 weeks ago • 0 comments

Silence a govulncheck false alarm (not exploitable as portmap plugin is not imported as a library in RootlessKit)

$ govulncheck ./...
=== Symbol Results ===

Vulnerability #1: GO-2025-4222
    CNA Plugins Portmap nftables backend can intercept non-local traffic in
    github.com/containernetworking/plugins
  More info: https://pkg.go.dev/vuln/GO-2025-4222
  Module: github.com/containernetworking/plugins
    Found in: github.com/containernetworking/[email protected]
    Fixed in: github.com/containernetworking/[email protected]
    Example traces found:
      #1: pkg/port/builtin/child/child.go:74:23: child.RunChildDriver calls ns.NSPathNotExistErr.Error
      #2: pkg/port/builtin/child/child.go:74:23: child.RunChildDriver calls ns.NSPathNotNSErr.Error
      #3: pkg/network/vpnkit/vpnkit.go:230:29: vpnkit.startVPNKitRoutines calls ns.WithNetNSPath
      #4: pkg/port/builtin/child/child.go:14:2: child.init calls ns.init

Your code is affected by 1 vulnerability from 1 module.
This scan found no other vulnerabilities in packages you import or modules you
require.
Use '-show verbose' for more details.

AkihiroSuda avatar Dec 18 '25 01:12 AkihiroSuda