Fluid Attacks Database

Description

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	docker.io	>=0 <1.8.3~ds1-1	1.8.3~ds1-1
debian 14	docker.io	>=0 <1.8.3~ds1-1	1.8.3~ds1-1
debian 12	docker.io	>=0 <1.8.3~ds1-1	1.8.3~ds1-1
debian 13	docker.io	>=0 <1.8.3~ds1-1	1.8.3~ds1-1
rpm rhel7	docker	-	-

Aliases

1. CVE-2014-81792. NVD-2014-81793. OSV-DEBIAN-2014-81794. OSV-2014-81795. SECURITY-TRACKER-CVE-2014-8179

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.