Go modules package
github.com/amir20/dozzle
pkg:golang/github.com/amir20/dozzle
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44985 | Cri | 9.6 | <= 10.5.1 | — | May 26, 2026 | Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite: | |
| CVE-2026-24740 | — | < 1.29.1-0.20260125230338-620e59aa2463 | 1.29.1-0.20260125230338-620e59aa2463 | Jan 27, 2026 | Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `en | ||
| CVE-2024-47182 | — | < 8.5.3 | 8.5.3 | Sep 27, 2024 | Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3. |
- affected <= 10.5.1
Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite:
- CVE-2026-24740Jan 27, 2026affected < 1.29.1-0.20260125230338-620e59aa2463fixed 1.29.1-0.20260125230338-620e59aa2463
Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `en
- CVE-2024-47182Sep 27, 2024affected < 8.5.3fixed 8.5.3
Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.