x/vulndb: potential Go vuln in github.com/kata-containers/runtime: GHSA-877x-32pm-p28x

[GoVulnBot]

In GitHub Security Advisory GHSA-877x-32pm-p28x, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/kata-containers/runtime	1.11.1	= 1.11.0

Cross references:

• CVE-2020-2026 appears in issue x/vulndb: potential Go vuln in github.com/kata-containers/runtime: GHSA-877x-32pm-p28x #811 NOT_IMPORTABLE
• GHSA-877x-32pm-p28x appears in issue x/vulndb: potential Go vuln in github.com/kata-containers/runtime: GHSA-877x-32pm-p28x #811 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: TODO (earliest fixed "1.11.1", vuln range "= 1.11.0")
    packages:
      - package: github.com/kata-containers/runtime
  - module: TODO
    versions:
      - introduced: TODO (earliest fixed "1.10.6", vuln range ">= 1.10.0, <= 1.10.5")
    packages:
      - package: github.com/kata-containers/runtime
  - module: TODO
    versions:
      - introduced: TODO (earliest fixed "1.9.1", vuln range "<= 1.9")
    packages:
      - package: github.com/kata-containers/runtime
description: A malicious guest compromised before a container creation (e.g. a malicious
    guest image or a guest running multiple containers) can trick the kata runtime
    into mounting the untrusted container filesystem on any host path, potentially
    allowing for code execution on the host. This issue affects Kata Containers 1.11
    versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5;
    Kata Containers 1.9 and earlier versions.
cves:
  - CVE-2020-2026
ghsas:
  - GHSA-877x-32pm-p28x

[tatianab]

Duplicate of #811