CVE-2014-8179

CVE-2014-8179 affects Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7. The vulnerability arises from improper validation and extraction of the manifest object from a JSON representation during a pull, enabling an attacker to inject new attributes into a JSON object and bypass...

CVE-2014-8178

CVE-2014-8178 affects Docker Engine prior to 1.8.3 and CS Docker Engine prior to 1.6.2-CS7. The root cause is failure to use globally unique identifiers to store image layers, enabling an attacker to poison the image cache via crafted images in pull or push operations. Mitigation: upgrade to the ...