CVE-2014-9358

Name of the Vulnerable Software and Affected Versions Docker versions prior to 1.3.3

Description The issue allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a "docker load" operation or "registry communications." This is due to improper validation of image IDs.

Recommendations For Docker versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of "docker load" operations and registry communications to minimize the risk of exploitation. Avoid using crafted images that could lead to path traversal attacks until the issue is resolved.