3 matches found
CVE-2026-34168
CVE-2026-34168 affects Coolify prior to 4.0.0-beta.471. The vulnerability arises from the LocalPersistentVolume.name field being interpolated directly into docker volume commands without shell-escaping, enabling an authenticated user to inject and execute commands on managed servers when the reso...
Improper Input Validation
Overview Affected versions of this package are vulnerable to Improper Input Validation in the metadata field processing. An attacker can rename, move, or change permissions of files within the container by submitting specially crafted tag names such as System:FileName, System:Directory, or...
GHSA-PHHQ-63JG-FP7R Contrast vulnerability allows arbitrary host data Injection into container VOLUME mount points
Background The VOLUME directive in Dockerfiles, or the config.volumes field in OCI image descriptors, indicates filesystem paths "where the process is likely to write data". While these paths have special semantics in Docker, they are only hints in the OCI spec and are not treated specially by...