VYPR

Go modules package

github.com/amir20/dozzle

pkg:golang/github.com/amir20/dozzle

Vulnerabilities (3)

  • CVE-2026-44985CriMay 26, 2026
    affected <= 10.5.1

    Dozzle is a realtime log viewer for docker containers. Prior to 10.5.2, he WebSocket upgrader for the /exec and /attach endpoints uses CheckOrigin: func(r *http.Request) bool { return true }, accepting upgrade requests from any origin. Combined with the JWT cookie using SameSite:

  • CVE-2026-24740Jan 27, 2026
    affected < 1.29.1-0.20260125230338-620e59aa2463fixed 1.29.1-0.20260125230338-620e59aa2463

    Dozzle is a realtime log viewer for docker containers. Prior to version 9.0.3, a flaw in Dozzle’s agent-backed shell endpoints allows a user restricted by label filters (for example, `label=env=dev`) to obtain an interactive root shell in out‑of‑scope containers (for example, `en

  • CVE-2024-47182Sep 27, 2024
    affected < 8.5.3fixed 8.5.3

    Dozzle is a realtime log viewer for docker containers. Before version 8.5.3, the app uses sha-256 as the hash for passwords, which leaves users susceptible to rainbow table attacks. The app switches to bcrypt, a more appropriate hash for passwords, in version 8.5.3.