CVE-2020-27534
MEDIUM WAF: High
CVSS 5.3
Published: 2020-12-30
CWE-22
util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.
WAF Coverage Analysis
Path Traversal
High WAF Coverage
OWASP: A01:2021 Broken Access Control
930xxx - Local File Inclusion
Affected Software
| Vendor | Product | Version |
|---|---|---|
| docker | docker | up to 19.03.9 |
References
- web.archive.org (Release Notes, Third Party Advisory)
- github.com (Third Party Advisory)
- github.com (Third Party Advisory)
- golang.org (Third Party Advisory)
- golang.org (Third Party Advisory)