CVE-2026-27208
bleon-ethical · api-gateway-deploy
A critical attack chain involving OS command injection and privilege escalation in api-gateway-deploy allows for root-level execution and container escape.
Executive summary
Attackers can exploit command injection flaws in the api-gateway-deploy container to gain root privileges and potentially escape to the host infrastructure.
Vulnerability
The vulnerability stems from insecure input handling in entrypoint.sh and the use of the root user within the Dockerfile. An attacker can use OS command injection to execute arbitrary code, which, combined with the default root configuration, facilitates a container escape.
Business impact
This vulnerability poses a severe threat to infrastructure integrity, as a successful container escape can lead to unauthorized access to the underlying host and adjacent network resources. With a CVSS score of 9.2, the risk of significant infrastructure modification and data theft is critical.
Remediation
Immediate Action: Upgrade to version 1.0.1, which implements strict input sanitization and enforces a non-root "appuser" for container execution.
Proactive Monitoring: Monitor container logs for suspicious shell commands and audit host systems for unauthorized processes originating from the container runtime.
Compensating Controls: Utilize runtime security tools (e.g., Falco or AppArmor) to restrict container capabilities and prevent unauthorized system calls or file access.
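As an added illustration of the two 1.0.1 remediations (non-root execution and strict input handling), not the project's own entrypoint.sh, which this advisory does not reproduce: a POSIX sh entrypoint that refuses to start as root and allowlists the single runtime input before passing it as one discrete argument. The GATEWAY_UPSTREAM variable, the /usr/local/bin/api-gateway path and the Dockerfile lines in the comments are assumptions.

```shell
#!/bin/sh
# Added illustration of the hardening described for 1.0.1; not the project's
# own entrypoint.sh. Assumed: the image's Dockerfile creates "appuser" and
# switches to it (e.g. "RUN adduser -D appuser" then "USER appuser"), the only
# runtime input is $GATEWAY_UPSTREAM, and the binary lives at
# /usr/local/bin/api-gateway.
set -eu

# Allowlist check: accept only hostname-style tokens, so shell metacharacters
# (; | & $ ` ( ) and whitespace) can never reach a command line. Also refuse
# empty values and values starting with "-" so they cannot be parsed as flags.
validate_upstream() {
    case "$1" in
        '')                  return 1 ;;
        -*)                  return 1 ;;
        *[!A-Za-z0-9._-]*)   return 1 ;;
        *)                   return 0 ;;
    esac
}

# Takes the uid as a parameter so the policy can be checked without root.
is_root_uid() {
    [ "$1" -eq 0 ]
}

main() {
    upstream="$1"
    if is_root_uid "$(id -u)"; then
        echo "entrypoint: refusing to run as root; set USER appuser in the Dockerfile" >&2
        exit 1
    fi
    if ! validate_upstream "$upstream"; then
        echo "entrypoint: rejected GATEWAY_UPSTREAM value" >&2
        exit 1
    fi
    # The value is passed as one argv element, never interpolated into a
    # string for eval or sh -c, so the process sees exactly what was checked.
    exec /usr/local/bin/api-gateway --upstream "$upstream"
}

# Only start the gateway when the input is actually provided; defining the
# functions without running them keeps the file sourceable for checks.
if [ -n "${GATEWAY_UPSTREAM:-}" ]; then
    main "$GATEWAY_UPSTREAM"
fi
```

Runtime tools such as Falco or AppArmor remain a second layer: they catch a shell spawned by the gateway process even if a future input path bypasses the allowlist.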
Exploitation status
Public Exploit Available: No
Analyst recommendation
The transition from root to a non-privileged user is a fundamental security best practice that was missing in the initial release. Organizations must update to version 1.0.1 immediately to mitigate the risk of host-level compromise and ensure secure deployment of their API gateways.