CVE-2014-9358

Docker < 1.3.3 - Path Traversal via Image ID Spoofing

Title source: llm
STIX 2.1

Description

Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534215/100/0/threaded

Scores

EPSS 0.0253
EPSS Percentile 83.0%

Details

CWE
CWE-20
Status published
Products (2)
docker/docker < 1.3.2
docker/docker 0 - 1.3.2Go
Published Dec 16, 2014
Tracked Since Feb 18, 2026