Docker · Docker · CVE-2019-13139
**Name of the Vulnerable Software and Affected Versions**
Docker versions prior to 18.09.4
**Description**
The issue is insufficient argument validation in the `docker build` command, which may allow an attacker to gain unauthorized access to information, cause a denial of service, or impact the availability of information. Specifically, the problem lies in how `docker build` processes remote git URLs, which leads to command injection into the underlying `git clone` command. Because a git ref can be misinterpreted as a flag, this can result in code execution in the context of the user executing the `docker build` command.
**Recommendations**
Update to Docker 18.09.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `docker build` command with remote git URLs to minimize the risk of exploitation, and avoid passing potentially malicious git URLs to `docker build` until the issue is resolved.
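
One way to enforce the workaround is a pre-flight check that a build wrapper or CI job runs on a remote git context before calling `docker build`; this is an added example, not Docker's code and not part of the original advisory. It assumes Docker's documented `<repo>#<ref>:<subdir>` fragment syntax; `CheckBuildContext` and `ErrFlagLike` are hypothetical names and the sample URLs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrFlagLike marks a context component that git could parse as an option.
var ErrFlagLike = errors.New("component begins with '-'")

// CheckBuildContext (hypothetical helper) vets a remote git build context of
// the form <repo>#<ref>:<subdir> before it is passed to `docker build`.
func CheckBuildContext(context string) error {
	if strings.HasPrefix(context, "-") {
		return fmt.Errorf("context %q: %w", context, ErrFlagLike)
	}
	_, rawFrag, _ := strings.Cut(context, "#")
	// Decode first so a percent-encoded leading '-' is caught as well.
	frag, err := url.PathUnescape(rawFrag)
	if err != nil {
		return fmt.Errorf("fragment %q: %w", rawFrag, err)
	}
	// The fragment splits on the first ':' into git ref and subdirectory.
	ref, subdir, _ := strings.Cut(frag, ":")
	for _, part := range []string{ref, subdir} {
		if strings.HasPrefix(part, "-") {
			return fmt.Errorf("fragment part %q: %w", part, ErrFlagLike)
		}
	}
	return nil
}

func main() {
	// Constructed sample contexts; example.com repositories are placeholders.
	samples := []string{
		"https://example.com/org/repo.git#main:docker",
		"https://example.com/org/repo.git#-x",
		"https://example.com/org/repo.git#v1.0:-x",
		"git@example.com:org/repo.git#%2Dx",
	}
	for _, s := range samples {
		fmt.Printf("%-45s -> %v\n", s, CheckBuildContext(s))
	}
}
```

The check is a stopgap for hosts that cannot yet be upgraded; it does not replace updating to 18.09.4 or later.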