cbcvebase.
CVE-2014-9356
published 2019-12-02

CVE-2014-9356: Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full…

PriorityP355high8.6CVSS 3.1
AVNACLPRNUINSCCNIHAN
EPSS
4.92%
91.0th percentile
Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

Affected

6 ranges
VendorProductVersion rangeFixed in
debiandocker.io< docker.io 1.3.3~dfsg1-1 (bookworm)docker.io 1.3.3~dfsg1-1 (bookworm)
dockerdocker< 1.3.31.3.3
github.comdocker_docker>= 0 < 1.3.31.3.3
msrccbl_mariner_1.0_arm
msrccbl_mariner_1.0_x64
msrccm1_moby-buildx_0.4.1+azure-3_on_cbl_mariner_1.0

CVSS provenance

nvdv3.18.6HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
nvdv2.08.5HIGHAV:N/AC:L/Au:N/C:N/I:C/A:P
osv8.6HIGH
vendor_debian8.6HIGH
vendor_msrc8.6HIGH
vendor_redhat8.6HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.