CVE-2014-8179 in Docker and OpenSuse Products
Published on December 17, 2019

Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.

NVD

Products Associated with CVE-2014-8179

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2014-8179 are published in these products:

Docker Cs Engine

Docker

OpenSuse

Affected Versions

Docker Engine:

Version before 1.8.3 is affected.

CS Docker Engine:

Version before 1.6.2-CS7 is affected.

Exploit Probability

EPSS

0.61%

Percentile

69.26%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2014-8179 in Docker and OpenSuse ProductsPublished on December 17, 2019

Products Associated with CVE-2014-8179

Affected Versions

Exploit Probability

CVE-2014-8179 in Docker and OpenSuse Products
Published on December 17, 2019