Lei Wang ssst0n3

Hey all. 👋 Container Security newb here.

Here are the vulnerabilities i've found:

my_vulnerabilities: The vulnerabilities i've found

status	discovered	project	item
[DONE]	2021-02-23	bitnami/laravel	CVE-2021-21979: APP_KEY is fixed in docker image bitnami/laravel
[DONE]	2021-04-20	meshery	CVE-2021-31856: A Sql Injection in Meshery
[DONE]	2021-04-30	docker	CVE-2021-41089: docker cp allows unexpected chmod of host files
[DONE]	2021-05-26	kernel/cgroups	CVE-2022-0492 (co-author)
[DISCOVERED]	2021-07-14	runc	host infomation disclosure
[REPORTED]	2021-08-24	docker	docker *** dos
[DISCOVERED]	2022-06-17	runc	runc *** escape
[DONE]	2022-07-29	runc	CVE-2023-28642: AppArmor/SELinux bypass with symlinked /proc
[DISCOVERED]	2022-08-04	runc	runc host infomation disclosure
[DISCOVERED]	2023-02-14	docker	docker host arbitrary file write
[DISCOVERED]	2023-03-02	docker	docker host arbitrary file delete
[DONE]	2023-03-10	apport-cli	CVE-2023-1326 (co-author)
[REPORTED]	2023-03-30	runc	CVE-2025-3****: container escape
[DISCOVERED]	2023-04-07	runc	*** escape, containerd only
[DISCOVERED]	2023-05-10	kata	escape from ctr to guest vm
[DONE]	2024-12-17	nvidia-container-toolkit	CVE-2025-23359
[REPORTED]	2025-03-13	nvidia-container-toolkit	CVE-2025-23267
[REPORTED]	2025-04-29	runc	CVE-2025-5****,container escape

Here are some of my repositories i want to introduce to you:

container
- ctrsploit: A penetration toolkit for container environment
- docker_archive: Provide many versions of docker and docker's components
- registry_v2_client: A cli for registry v2
- docker_secret: An alternative of docker secret
golang
- go_instrumentation: A generic instrumentation tool for golang
- awesome_libs
- lightweight_api
- lightweight_db
- codeql-go-vendor: A codeql extractor for go vendor mode project
my poc/exp
- docker-cve-2022-39253-poc: docker host file read (using cve-2022-39253) poc
security research
- security-research-specification
- source-analysis-system: Next Generation Source Analysis Report
- GHSA-NOTIFY: open source software security advisories based on GHSA
ctf
- my_ctf_challenges: The ctf challenges i've designed
- waterdropctf
- reverse
  - opdb: an opcode level debugger for python
- crypto
  - yafu_docker: unofficial container image for yafu
- awd
  - portable-git: portable git
common security tools
- sectools
- go-shijack: tcp connection hijacker, go rewrite of shijack from 2001.
other
- awesome_scripts: A collection of awesome scripts
- sshtunnel: A nice useful ssh tunnel

updated at 2023-04-23

Created 43 commits in 6 repositories

ssst0n3/docker_archive 27 commits

ssst0n3/fake-nvidia 5 commits

ctrsploit/sploit-spec 5 commits

ssst0n3/security-research-specification 2 commits

ssst0n3/GHSA-NOTIFY 2 commits

ssst0n3/container-debug-artifacts 2 commits

Created an issue in ssst0n3/docker_archive that received 1 comment
Aug 11

opaque whiteout is ignored by d2vm

RUN rm -rf /root/.ssh/: not works RUN rm -rf /root/.ssh/authorized_keys: works google/go-containerregistry#1897

1 comment

150 contributions in private repositories Aug 2 – Aug 26

	Sep	Oct	Nov	Dec	Jan	Feb	Mar	Apr	May	Jun	Jul	Aug
Sun
Mon
Tue
Wed
Thu
Fri
Sat

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Lei Wang ssst0n3

Achievements

Achievements

Highlights

Organizations

Block or report ssst0n3

Hey all. 👋 Container Security newb here.

Pinned Loading

3,761 contributions in the last year

Activity overview

Contribution activity

August 2025

Created an issue in ssst0n3/docker_archive that received 1 comment

opaque whiteout is ignored by d2vm