keepalived is vulnerable to arbitrary file overwrite. The vulnerability exists as there is an improper pathname validation that allows for overwrite of arbitrary filenames via symlinks.
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2285
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1667292
bugzilla.suse.com/show_bug.cgi?id=1015141
github.com/acassen/keepalived/commit/04f2d32871bb3b11d7dc024039952f2fe2750306
github.com/acassen/keepalived/issues/1048
security.gentoo.org/glsa/201903-01