CGA-3m6r-4f9x-77mh

Published

Last updated

https://images.chainguard.dev/security/CGA-3m6r-4f9x-77mh

Package

docker

Latest Update

Not affected

Aliases

CVE-2020-27534
GHSA-6hwg-w5jg-9c6x

Severity

5.3

Medium

CVSS V3

Summary

Path Traversal in Moby builder

Description

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-27534
https://github.com/advisories/GHSA-6hwg-w5jg-9c6x
https://github.com/moby/buildkit/pull/1462
https://github.com/moby/moby/pull/40877
https://bugzilla.redhat.com/show_bug.cgi?id=1921154
http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-3m6r-4f9x-77mh

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources