PT-2019-3476 · Docker · Docker

Etienne Stalmans

Published 2019-03-27 · Updated 2020-12-22

CVE-2019-13139

CVSS v3.1: 8.4 High
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Docker versions prior to 18.09.4

Description: The issue stems from insufficient argument validation in the docker build command. When docker build is given a remote git URL, the git ref portion of that URL is passed to the underlying git clone command without being validated, so a ref beginning with a dash can be interpreted by git as a command-line flag. This allows command injection and results in code execution in the context of the user running docker build, which an attacker could use to gain unauthorized access to information, cause a denial of service, or otherwise impact availability.

Recommendations: For Docker versions prior to 18.09.4, update to version 18.09.4 or later to resolve the issue. As a temporary workaround, restrict the use of docker build with remote git URLs to minimize the risk of exploitation, and avoid building from potentially malicious git URLs until the update is applied.
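As an added illustration (not Docker's own code or its 18.09.4 fix), the following validator parses the repo#ref:dir remote-context syntax that docker build accepts and rejects a ref that git would read as an option; the type and function names and the sample URLs are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// GitContext is a docker-build remote context parsed from "repo#ref:dir".
type GitContext struct {
	Repo string
	Ref  string
	Dir  string
}

// ParseGitContext splits "repo#ref:dir" (the fragment syntax docker build
// accepts) and refuses a ref that git would read as an option. Hypothetical
// helper, not Docker's own code or its 18.09.4 fix.
func ParseGitContext(remote string) (GitContext, error) {
	ctx := GitContext{Repo: remote}
	if i := strings.IndexByte(remote, '#'); i >= 0 {
		ctx.Repo = remote[:i]
		frag := remote[i+1:]
		ctx.Ref = frag
		if j := strings.IndexByte(frag, ':'); j >= 0 {
			ctx.Ref = frag[:j]
			ctx.Dir = frag[j+1:]
		}
	}
	if ctx.Repo == "" || strings.HasPrefix(ctx.Repo, "-") {
		return GitContext{}, errors.New("invalid repository URL")
	}
	// CVE-2019-13139: a ref beginning with '-' reaches the git command line
	// as an option rather than a revision name, so reject it outright.
	if strings.HasPrefix(ctx.Ref, "-") {
		return GitContext{}, fmt.Errorf("invalid git ref %q: must not start with '-'", ctx.Ref)
	}
	return ctx, nil
}

func main() {
	for _, r := range []string{
		"https://example.com/org/app.git#v1.2:docker", // constructed, accepted
		"https://example.com/org/app.git#-bad",        // constructed, rejected
	} {
		ctx, err := ParseGitContext(r)
		fmt.Printf("%q -> %+v err=%v\n", r, ctx, err)
	}
}
```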

Exploit · Fix

Weakness Enumeration

OS Command Injection
Command Injection

Related Identifiers

BDU:2019-03651
CVE-2019-13139
DSA-4521-1
ELSA-2019-4813

Affected Products

Docker