Timmy_Foundation/hermes-agent
15
0
Fork 0
Code Issues 62 Pull Requests 1 Actions 1 Packages Projects Releases Wiki Activity
Files
claw-code/issue-151
hermes-agent/tools/environments/docker.py
Allegro ed32487cbe
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 28s
Details
Tests / test (pull_request) Failing after 29s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 42s
Details
security: block dangerous Docker volume mounts (V-012, CVSS 8.7) 
Prevent privilege escalation via Docker socket mount.

Changes:
- tools/environments/docker.py: Add _is_dangerous_volume() validation
- Block docker.sock, /proc, /sys, /dev, root fs mounts
- Log security error when dangerous volume detected

Fixes container escape vulnerability where user-configured volumes
could mount Docker socket for host compromise.

CVSS: 8.7 (High)
Refs: V-012 in SECURITY_AUDIT_REPORT.md
CWE-250: Execution with Unnecessary Privileges
2026-03-30 23:55:45 +00:00

22 KiB
Raw Permalink Blame History

View Raw
Reference in New Issue View Git Blame Copy Permalink