virus logo FortiClient Vulnerability

Docker CVE-2019-13139 Command Injection Vulnerability

description-logoDescription

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the \"docker build\" command would be able to gain command execution. An issue exists in the way \"docker build\" processes remote git URLs, and results in command injection into the underlying \"git clone\" command, leading to code execution in the context of the user executing the \"docker build\" command. This occurs because git ref can be misinterpreted as a flag.

affected-products-logoAffected Applications

Docker

CVE References

CVE-2019-13139

Other References

https://www.docker.com/blog/category/products/
ID 60383
Created Jan 17, 2020
Description
Updated		 Dec 15, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Linux
Vendor Docker
Patch manual
Application Docker