CVE-2020-27534

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in go/github.com/moby/moby

Identifiers

GHSA-6hwg-w5jg-9c6x, CVE-2020-27534

Package Slug

go/github.com/moby/moby

Vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Description

util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.

Affected Versions

All versions before 19.03.9

Solution

Upgrade to version 19.03.9 or above.

Last Modified

2024-02-01

source