Fluid Attacks Database

Description

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations in github.com/docker/compose

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
go	github.com/docker/compose	-	-
go	github.com/docker/compose/v2	>=2.34.0 <2.40.2	2.40.2

Aliases

1. CVE-2025-627252. NVD-2025-627253. OSV-GO-2025-40774. OSV-2025-627255. GHSA-gv8h-7v7w-r22q6. GCVE-2025-627257. GHSA-gv8h-7v7w-r22q

References

1. https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d61762. https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.