Fluid Attacks Database

Description

Path Traversal in Docker Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1
go	github.com/moby/moby	>=0 <1.3.3	v1.3.3
debian 14	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1
debian 11	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1
go	github.com/fsouza/go-dockerclient	>=0 <1.3.3	1.3.3
go	github.com/docker/docker	>=0 <1.3.3	1.3.3
debian 12	docker.io	>=0 <1.3.3~dfsg1-1	1.3.3~dfsg1-1

Aliases

1. CVE-2014-93562. NVD-2014-93563. NVD-2014-93564. OSV-DEBIAN-2014-93565. OSV-2014-93566. GHSA-vj3f-3286-r4pf7. GCVE-2014-93568. SECURITY-TRACKER-CVE-2014-93569. ACCESS-cve-2014-9356

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=11727612. https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ3. http://www.securityfocus.com/archive/1/archive/1/534215/100/0/threaded4. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9356