Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 does not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation.

Related CVEs

CVE-2014-8179

Key Information

GHSA ID

GHSA-7w47-v4xv-5crg

Published

May 17, 2022 7:57 PM

Last Modified

February 13, 2023 3:31 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 6, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.