Closed
Description
In GitHub Security Advisory GHSA-qmmc-jppf-32wv, there is a vulnerability in the following Go packages or modules:
| Unit | Fixed | Vulnerable Ranges |
|---|---|---|
| github.com/docker/docker | 1.3.2 | < 1.3.2 |
See doc/triage.md for instructions on how to triage this report.
packages:
- package: github.com/docker/docker
versions:
- fixed: 1.3.2
description: Docker before 1.3.3 does not properly validate image IDs, which allows
remote attackers to conduct path traversal attacks and spoof repositories via
a crafted image in a (1) "docker load" operation or (2) "registry communications."
published: 2022-02-15T00:41:14Z
last_modified: 2022-02-15T00:41:14Z
cves:
- CVE-2014-9358
ghsas:
- GHSA-qmmc-jppf-32wv
links:
context:
- https://github.com/advisories/GHSA-qmmc-jppf-32wv