Docker CLI Plugins: Uncontrolled Search Path Element Leads to Local Privilege Escalation on Windows
This issue affects Docker CLI through 29.1.5
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cache directory and writes the file there.
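The join described above, next to a contained variant, as an added example (not Docker Compose source code and not the project's fix). The function names, cache directory and annotation values are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// Hypothetical helper names; this is not Docker Compose source code.
var errEscapesCache = errors.New("annotation path escapes cache directory")

// naiveCachePath is the pattern the advisory describes: the annotation value
// is joined to the cache directory with no validation.
func naiveCachePath(cacheDir, annotation string) string {
	return filepath.Join(cacheDir, annotation)
}

// containedCachePath returns a write path only if it stays inside cacheDir.
// The check is lexical; it does not resolve symlinks already inside cacheDir.
func containedCachePath(cacheDir, annotation string) (string, error) {
	// Treat backslashes as separators on every OS so Windows-style input is caught.
	name := strings.ReplaceAll(annotation, `\`, "/")
	if name == "" || strings.HasPrefix(name, "/") || filepath.VolumeName(annotation) != "" {
		return "", errEscapesCache
	}
	full := filepath.Join(cacheDir, filepath.FromSlash(name))
	rel, err := filepath.Rel(cacheDir, full)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errEscapesCache
	}
	return full, nil
}

func main() {
	// Constructed cache directory and annotation values.
	cache := filepath.Join(string(filepath.Separator), "home", "u", ".cache", "compose")
	for _, v := range []string{"base/compose.yaml", "../../escape.env", `..\..\escape.env`, "/abs.env"} {
		p, err := containedCachePath(cache, v)
		fmt.Printf("%-22q naive=%q contained=%q err=%v\n", v, naiveCachePath(cache, v), p, err)
	}
}
```

The naive join resolves the traversal values to a location outside the cache directory, while the contained variant returns an error for them and for absolute paths.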