vulnerability

VMware Photon OS: CVE-2019-13139

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:L/AC:L/Au:N/C:P/I:P/A:P)	Aug 22, 2019	Jan 20, 2025	Jul 14, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:P/I:P/A:P)

Published

Aug 22, 2019

Added

Jan 20, 2025

Modified

Jul 14, 2025

Description

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

Solution

vmware-photon_os_update_tdnf

References

CVE-2019-13139
https://attackerkb.com/topics/CVE-2019-13139
CWE-78

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today