Command injection vulnerability in Docker-ce and Docker-ee - CVE-2019-13139 (dpkg)ID: oval:org.secpod.oval:def:58213 | Date: (C)2019-10-09 (M)2023-11-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Docker-ce or Docker-ee before 18.09.4 and is prone to a command injection vulnerability. A flaw is present in the application, which fails an issue in the way docker build processes remote git URLs. Successful exploitation allows attackers to cause code execution in the context of the user executing the docker build command.
Product: |
docker-ce |
docker-ee |