CVE-2014-6407

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2014-6407

Severity

7.3

High

CVSS V3

Description

Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.

References

https://images.chainguard.dev/security/CGA-6cvg-hf66-vmvc
https://github.com/advisories/GHSA-5qgp-p5jc-w2rm
http://secunia.com/advisories/60171
http://secunia.com/advisories/60241
https://docs.docker.com/v1.3/release-notes/
http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html
http://www.openwall.com/lists/oss-security/2014/11/24/5

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2014-6407

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company