ALAS2NITRO-ENCLAVES-2021-002 --- dockerID: oval:org.secpod.oval:def:1700782 | Date: (C)2021-12-14 (M)2023-11-10 |
Class: PATCH | Family: unix |
A flaw was found in Docker when it creates network bridges that accept IPv6 router advertisements by default. This flaw allows an attacker who can execute code in a container to possibly spoof rogue IPv6 router advertisements to perform a man-in-the-middle attack against the host network or another container. A flaw was found in moby. Moby buildkit calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call