Docker Build Path Command Execution Vulnerability

By GIXnews


A vulnerability in Docker could allow a local attacker to inject and execute arbitrary commands on a targeted system.

The vulnerability exists because the affected software misinterprets the git ref command as a flag. An attacker who is able to execute the docker build command and has control over the build path could exploit this vulnerability to inject and execute arbitrary commands on a targeted system.
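As an added example (not Docker's code and not part of the original advisory), the Go sketch below shows a pre-flight check that a build wrapper could run on a build path before it reaches `docker build`, rejecting any repository or ref that git could read as a flag. It assumes the `repo#ref:subdir` form that Docker accepts for git build contexts; the function names and sample URLs are hypothetical.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
)

// SplitBuildContext splits a git build context of the form "repo#ref:subdir"
// (ref and subdir optional) into its parts.
func SplitBuildContext(ctx string) (repo, ref, subdir string) {
	repo, fragment, _ := strings.Cut(ctx, "#")
	ref, subdir, _ = strings.Cut(fragment, ":")
	return repo, ref, subdir
}

// optionLike reports whether git could read s as a flag rather than a value,
// or whether s carries whitespace/control characters no valid ref contains.
func optionLike(s string) bool {
	if strings.HasPrefix(s, "-") {
		return true
	}
	return strings.IndexFunc(s, func(r rune) bool {
		return unicode.IsSpace(r) || unicode.IsControl(r)
	}) >= 0
}

// CheckBuildContext returns an error when the repository or ref part of ctx
// must not be handed to a git command line.
func CheckBuildContext(ctx string) error {
	repo, ref, _ := SplitBuildContext(ctx)
	if repo == "" || optionLike(repo) {
		return fmt.Errorf("rejected repository %q", repo)
	}
	if optionLike(ref) {
		return fmt.Errorf("rejected ref %q", ref)
	}
	return nil
}

func main() {
	// Constructed sample inputs; none come from the advisory.
	for _, ctx := range []string{
		"https://git.example.test/app.git#v1.2.0:docker",
		"https://git.example.test/app.git#--placeholder-flag",
		"https://git.example.test/app.git",
	} {
		fmt.Printf("%-55s -> %v\n", ctx, CheckBuildContext(ctx))
	}
}
```
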

Docker has confirmed the vulnerability and released software updates.

Security Impact Rating: High

CVE: CVE-2019-13139

Source: Cisco Multivendor Vulnerability Alerts