Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL.
CPE | Name | Operator | Version |
---|---|---|---|
docker_desktop | lt | 4.17.0 |