GHSA-5qgp-p5jc-w2rm

Опубликовано: 15 фев. 2022

Источник: github

Github: Прошло ревью

CVSS3: 7.3

Описание

Arbitrary Code Execution in Docker

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

Ссылки

Пакеты

Наименование

github.com/docker/docker

Затронутые версииВерсия исправления

< 1.3.2

1.3.2

EPSS

Процентиль: 90%

0.05577

Низкий

7.3 High

CVSS3

CVE ID

CVE-2014-6407

Дефекты

CWE-59

Связанные уязвимости

CVE-2014-6407

ubuntu

больше 10 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

CVE-2014-6407

redhat

больше 10 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

CVE-2014-6407

nvd

больше 10 лет назад

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.