3 matches found
AZL-59217 CVE-2025-30204 affecting package moby-engine for versions less than 24.0.9-16
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-53819 CVE-2024-36623 affecting package moby-engine for versions less than 24.0.9-13
moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes...
Moby Access Control Error Vulnerability
Moby is an open source project that aims to drive containerization of software and help the ecosystem mainstream container technology. An Access Control Error vulnerability exists in Moby versions prior to 24.0.9 and prior to 25.0.2, which stems from the classic builder cache system that is...