Approved changes feed: RSS · Atom
cpe:2.3:a:docker:docker:17.11.0-ce:rc2:*:*:community:*:*:*
part: a version: 17.11.0-ce update: rc2
| Vendor | Docker (fb312c2d-be4d-5919-b619-61409dcafa2c) |
|---|---|
| Product | Docker (c8c9d969-271a-5fc1-a74d-e1a37f1d19cf) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/docker |
purl2cpe | 2026-06-01 10:13:11.114502 |
pkg:deb/ubuntu/docker |
purl2cpe | 2026-06-01 10:13:11.114503 |
pkg:github/docker/docker-install |
purl2cpe | 2026-06-01 10:13:11.114505 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-15664 |
vulnerable | 2026-06-03 14:38:14.146724 |
Details available
In Docker through 18.06.1-ce-rc2, the API endpoints behind the 'docker cp' command are vulnerable to a symlink-exchange attack with Directory Traversal, giving attackers arbitrary read-write access to the host filesystem with root privileges, because daemon/archive.go does not do archive operations on a frozen filesystem (or from within a chroot).
Published: 2019-05-23T13:58:37.000Z
Updated: 2024-08-05T10:01:54.533Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.