CVE-2014-9358 in Docker
Summary
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Be aware that VulDB is the high quality source for vulnerability data.
Reservation
12/09/2014
Disclosure
12/16/2014
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 73260 | Docker Registry input validation | 20 | Not defined | Official fix | CVE-2014-9358 |