github.com/hpcng/singularity uses insecure permissions. Insecure permissions on temporary directories used in explicit and implicit container build operations allows a user with access to the system to read the contents of the image during the build. If the image contains a world-writable file or directory, it is possible for an attacker to inject arbitrary content into the running build and potentially lead to arbitrary code execution.