Vulnerability Report: GO-2024-2521
- CVE-2019-14271, GHSA-v2cv-wwxq-qq97
- Affects: github.com/docker/docker, github.com/moby/moby
- Published: Jun 28, 2024
- Modified: Jul 15, 2024
In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.
For detailed information about this vulnerability, visit https://github.com/advisories/GHSA-v2cv-wwxq-qq97.
Affected Packages
-
PathGo VersionsCustom Versions*Symbols
-
before v20.10.0-beta1+incompatiblefrom 19.03.0 before 19.03.1all symbols
-
before v20.10.0-beta1+incompatiblefrom 19.03.0 before 19.03.1all symbols
*Custom versions, which can't be mapped automatically to standard Go module versions, are ignored by govulncheck. (See this note on versions for more details.)
Aliases
References
- https://github.com/advisories/GHSA-v2cv-wwxq-qq97
- https://github.com/moby/moby/commit/11e48badcb67554b3d795241855028f28d244545
- https://github.com/moby/moby/commit/fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b
- https://github.com/moby/moby/pull/39612
- https://github.com/moby/moby/issues/39449
- https://vuln.go.dev/ID/GO-2024-2521.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.