VYPR
Moderate severityNVD Advisory· Published Nov 17, 2014· Updated Jun 17, 2026

CVE-2014-5277

CVE-2014-5277

Description

Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/docker/dockerGo
< 1.3.11.3.1

Affected products

44

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.