Docker Engine before 1.8.3 and CS Docker Engine before 1...
Moderate severity
Unreviewed
Published May 17, 2022 to the GitHub Advisory Database • Updated Feb 13, 2023
Description
Published by the National Vulnerability Database: Dec 17, 2019
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes into a JSON object and bypass pull-by-digest validation.
References