vulnerability

Amazon Linux AMI 2: CVE-2019-13139: Security patch for docker (Multiple Advisories)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Aug 22, 2019	Jul 4, 2022	Nov 27, 2024

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 22, 2019

Added

Jul 4, 2022

Modified

Nov 27, 2024

Description

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

Solution(s)

amazon-linux-ami-2-upgrade-dockeramazon-linux-ami-2-upgrade-docker-debuginfo

References

AMAZON-AL2/ALASDOCKER-2021-003
AMAZON-AL2/ALASNITRO-ENCLAVES-2021-003
CVE-2019-13139
https://attackerkb.com/topics/CVE-2019-13139

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today