PT-2020-7588 · Docker · Docker

Published: 2020-01-02 · Updated: 2023-03-01 · CVE-2014-0048

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Docker versions prior to 1.6.0

Description: An issue was found where some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways. Because HTTP provides neither encryption nor authentication, attackers can intercept and modify the data being downloaded.

Recommendations: For Docker versions prior to 1.6.0, update to version 1.6.0 or later to resolve the issue. As a temporary workaround, consider restricting the execution of scripts and programs downloaded via HTTP until a patch is available. Avoid using HTTP for downloading and executing programs and scripts in Docker until the issue is resolved.

Fix

RCE

Weakness Enumeration

Related Identifiers: CVE-2014-0048

Affected Products: Docker