A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.