Vulnerability Report: GO-2024-2512
- CVE-2024-24557, GHSA-xw73-rw38-6vjc
- Affects: github.com/docker/docker, github.com/moby/moby
- Published: Jun 28, 2024
- Modified: Jul 01, 2024
Classic builder cache poisoning in github.com/docker/docker
For detailed information about this vulnerability, visit https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc.
Affected Packages
-
PathGo VersionsSymbols
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatibleall symbols
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
3 unexported affected symbols
- imageCache.GetCache
- isMatch
- localCache.GetCache
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
2 unexported affected symbols
- store.IsBuiltLocally
- store.SetBuiltLocally
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatibleall symbols
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
3 unexported affected symbols
- imageCache.GetCache
- isMatch
- localCache.GetCache
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
2 unexported affected symbols
- store.IsBuiltLocally
- store.SetBuiltLocally
-
before v24.0.9+incompatible, from v25.0.0+incompatible before v25.0.2+incompatible
Aliases
References
- https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc
- https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae
- https://github.com/moby/moby/commit/fca702de7f71362c8d103073c7e4a1d0a467fadd
- https://github.com/moby/moby/commit/fce6e0ca9bc000888de3daa157af14fa41fcd0ff
- https://vuln.go.dev/ID/GO-2024-2512.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.