Lucene search
RedhatCVELIST:CVE-2014-8179HistoryDec 04, 2019 - 3:10 p.m.
CVE-2014-8179
2019-12-0415:10:35
redhat
www.cve.org
1
0.002 Low
EPSS
Percentile
56.2%
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
CNA Affected
[
{
"product": "Docker Engine",
"vendor": "Docker",
"versions": [
{
"status": "affected",
"version": "before 1.8.3"
}
]
},
{
"product": "CS Docker Engine",
"vendor": "Docker",
"versions": [
{
"status": "affected",
"version": "before 1.6.2-CS7"
}
]
}
]References
lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html
lists.opensuse.org/opensuse-updates/2015-10/msg00036.html
blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/
github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12
groups.google.com/forum/#%21msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ
www.docker.com/legal/docker-cve-database
Related
cbl_mariner
cbl_mariner
CVE-2014-8179 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
debiancve
debiancve
CVE-2014-8179
2019-12-17 18:15:13
cve
cve
CVE-2014-8179
2019-12-17 18:15:13
prion
prion
Input validation
2019-12-17 18:15:00
nvd
nvd
CVE-2014-8179
2019-12-17 18:15:13
ubuntucve
ubuntucve
CVE-2014-8179
2019-12-17 00:00:00
oraclelinux
oraclelinux
docker-engine security update
2015-10-14 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2015-3085)
2015-10-15 00:00:00
Mageia: Security Advisory (MGASA-2016-0043)
2016-02-08 00:00:00
Docker < 1.8.3 Multiple Vulnerabilities
2021-09-08 00:00:00
nessus
nessus
Oracle Linux 6 / 7 : docker-engine (ELSA-2015-3085)
2015-10-15 00:00:00
openSUSE Security Update : docker (openSUSE-2015-666)
2015-10-19 00:00:00
openSUSE Security Update : docker (openSUSE-2015-792)
2015-11-24 00:00:00
suse
suse
Security update for docker (important)
2015-10-15 13:26:51
mageia
mageia
Updated docker/golang packages fix security vulnerability
2016-02-05 20:26:09