Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-12-04T15:10:35
Updated: 2024-08-06T13:10:51.252Z
Reserved: 2014-10-10T00:00:00
Link: CVE-2014-8179
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-12-17T18:15:13.497
Modified: 2024-11-21T02:18:43.363
Link: CVE-2014-8179
Redhat