CVE-2016-3697 (Low) detected in github.com/fsouza/go-dockerclient-docker-1.9/go-1.4 #2

@mend-for-github-com

CVE-2016-3697 - Low Severity Vulnerability

Vulnerable Library - github.com/fsouza/go-dockerclient-docker-1.9/go-1.4

Go client for the Docker Engine API.

Dependency Hierarchy:

  • github.com/fsouza/go-dockerclient-docker-1.9/go-1.4 (Vulnerable Library)

Found in HEAD commit: 05c2ec0c66a46436eda171130dcd5bc49f857fad

Found in base branch: master

Vulnerability Details

libcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.

Publish Date: 2016-06-01

URL: CVE-2016-3697

CVSS 2 Score Details (2.1)

Base Score Metrics not available

Suggested Fix

Type: Upgrade version

Origin: https://security.gentoo.org/glsa/201612-28

Release Date: 2016-12-11

Fix Resolution: All Docker users should upgrade to the latest version >= docker-1.11.0

Labels: security vulnerability (Security vulnerability detected by WhiteSource)
