A flaw was found in Oslo Rootwrap CommandFilter function. IpNetnsExecFilter can be bypassed when an specific filter is enabled this could allow arbitrary code execution
This has been treated as a hardening issue upstream and likewise here. The issue, which is not considered a vulnerability, will be fixed as features are pulled in from upstream.