Moderate severityNVD Advisory· Published Dec 16, 2014· Updated May 6, 2026
CVE-2014-9358
CVE-2014-9358
Description
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation or (2) "registry communications."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/docker/dockerGo | < 1.3.2 | 1.3.2 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/advisories/GHSA-qmmc-jppf-32wvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-9358ghsaADVISORY
- www.securityfocus.com/archive/1/534215/100/0/threadednvdWEB
- access.redhat.com/security/cve/cve-2014-9358ghsaWEB
- groups.google.com/forum/ghsaWEB
- groups.google.com/forum/nvdWEB
- web.nvd.nist.gov/view/vuln/detailghsaWEB
News mentions
0No linked articles in our index yet.