Sign In

CVE-2019-14271

ADVISORY - github

Summary

In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.

EPSS Score: 0.72198 (0.987)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-665

Improper Initialization

ADVISORY - github

CWE-665

Improper Initialization

CWE-94

Improper Control of Generation of Code ('Code Injection')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-665

Improper Initialization

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

CWE-94

Improper Control of Generation of Code ('Code Injection')

ADVISORY - redhat

CWE-426

Untrusted Search Path

Impacted images

Advisories
Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in