Docker Engine before 1.8.3 and CS Docker Engine before 1...
Low severity
Unreviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Feb 20, 2023
Description
Published by the National Vulnerability Database
Dec 17, 2019
Published to the GitHub Advisory Database
May 17, 2022
Last updated
Feb 20, 2023
Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands.
References