CVE-2014-9358

2014-12-1600:00:00

ubuntu.com

0.003 Low

EPSS

Percentile

67.8%

JSON

Docker before 1.3.3 does not properly validate image IDs, which allows
remote attackers to conduct path traversal attacks and spoof repositories
via a crafted image in a (1) “docker load” operation or (2) “registry
communications.”

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772909>

References

groups.google.com/forum/#!msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ

launchpad.net/bugs/cve/CVE-2014-9358

nvd.nist.gov/vuln/detail/CVE-2014-9358

security-tracker.debian.org/tracker/CVE-2014-9358

CVE-2014-9358

Bugs

References

Related