A flaw was discovered in Docker if it is compiled with Go 1.11. During a docker cp
command, the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container. An attacker could abuse this flaw by executing code with the root privileges.