CVE-2024-8695

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2

Description: A remote code execution vulnerability exists via crafted extension description or changelog, which could be exploited by a malicious extension.

Recommendations: For Docker Desktop versions prior to 4.34.2, update to version 4.34.2 or later to resolve the issue. As a temporary workaround, consider disabling the use of extensions in Docker Desktop until a patch is applied. Restrict access to the extension management feature to minimize the risk of exploitation. Avoid using crafted extension descriptions or changelogs in Docker Desktop until the issue is resolved.