A command injection flaw was discovered in Docker during the docker build
command. By providing a specially crafted path argument for the container to build, it is possible to inject command options to the git fetch
/git checkout
commands that are executed by Docker and to execute code with the privileges of the user running Docker. A local attacker who can run docker build
with a controlled build path, or a remote attacker who has control over the docker build path, could elevate their privileges or execute code.