CVE-2014-0048Improper Input Validation in Docker

CWE-20Improper Input ValidationCWE-319Cleartext Transmission of Sensitive Info8 documents8 sources
Severity
9.8CRITICALNVD
EPSS
3.3%
top 12.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
DockerDocker.ioApache Geode
Timeline
PublishedJan 2
Latest updateMay 17

Description

An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDdocker/docker< 1.5.0
CVEListV5docker.io/docker.iobefore 1.6.0
NVDapache/geode1.12.0

🔴Vulnerability Details

3
GHSA
GHSA-hr9j-w8vh-74wj: An issue was found in Docker before 12022-05-17
CVEList
CVE-2014-0048: An issue was found in Docker before 12020-01-02
OSV
CVE-2014-0048: An issue was found in Docker before 12020-01-02

📋Vendor Advisories

3
Microsoft
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.2020-01-14
Red Hat
Docker: multiple files downloaded over HTTP and executed or used unsafely2015-03-24
Debian
CVE-2014-0048: docker.io - An issue was found in Docker before 1.6.0. Some programs and scripts in Docker a...2014

💬Community

1
Bugzilla
CVE-2014-0048 Docker: multiple files downloaded over HTTP and executed or used unsafely2014-02-11
CVE-2014-0048 — Improper Input Validation in Docker | cvebase