github.com/moby/moby is vulnerable to command injection. Misintepretation of the git ref
command as a flag allows an attacker to execute arbitrary code remotely if there is control over the build path issued to the docker build.
bugzilla.redhat.com/show_bug.cgi?id=1732627
docs.docker.com/engine/release-notes/#18094
github.com/docker/docker.github.io/blob/master/engine/release-notes.md#18094
github.com/docker/docker.github.io/commit/6c5f477ca10f3cbf2081b044be4987bb0098afdd
github.com/moby/moby/pull/38944
seclists.org/bugtraq/2019/Sep/21
security.netapp.com/advisory/ntap-20190910-0001/
staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/
www.debian.org/security/2019/dsa-4521