PT-2024-39183 · Docker · Docker Desktop

Cure53 · Published 2024-09-12 · Updated 2024-10-20 · CVE-2024-8696

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.34.2
Description: A remote code execution (RCE) vulnerability exists via crafted extension publisher-url/additional-urls that could be abused by a malicious extension. This issue can be exploited to execute code remotely.
Recommendations: For Docker Desktop versions prior to 4.34.2, update to version 4.34.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of extensions or disabling the publisher-url and additional-urls features until a patch is applied.

Fix · RCE · XSS · Code Injection

Related Identifiers: CVE-2024-8696

Affected Products: Docker Desktop