![]() ![]() This means that the server can be used as a proxy into the internal network where the server is. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. ![]() Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. Affected Docker Desktop versions: from 4.13.0 before 4.23.0.įoodCoopShop is open source software for food coops and local shops. This issue has been fixed in Docker Desktop 4.23.0. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This TOCTOU bug leads to an out-of-bounds write vulnerability which can be further exploited, allowing an attacker to gain full local privilege escalation on the system.This issue affects Avast/Avg Antivirus: 23.8.ĭocker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. A time-of-check to time-of-use (TOCTOU) bug in handling of IOCTL (input/output control) requests.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |