What is CVE-2019-13139?

CVE-2019-13139 is a vulnerability in Docker before version 18.09.4 that allows an attacker to gain command execution by manipulating the build path for the "docker build" command.

What is the severity of CVE-2019-13139?

The severity of CVE-2019-13139 is high with a CVSS score of 8.4.

How does CVE-2019-13139 affect Docker?

CVE-2019-13139 affects Docker versions before 18.09.4 and can be exploited by supplying or manipulating the build path for the "docker build" command.

How can I fix CVE-2019-13139?

To fix CVE-2019-13139, update Docker to version 18.09.4 or higher.

Vulnerability/
CVE-2019-13139

high

8.4

CWE

78 77

22/8/2019

4/8/2024

CVE-2019-13139: OS Command Injection

Q: How can an attacker exploit CVE-2019-13139?

An attacker can exploit CVE-2019-13139 by manipulating the build path for the "docker build" command, allowing them to gain command execution.

First published: Thu Aug 22 2019(Updated: )

In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the "docker build" command would be able to gain command execution. An issue exists in the way "docker build" processes remote git URLs, and results in command injection into the underlying "git clone" command, leading to code execution in the context of the user executing the "docker build" command. This occurs because git ref can be misinterpreted as a flag.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Docker Docker	<18.09.4
debian/docker.io		18.09.1+dfsg1-7.1+deb10u3 20.10.5+dfsg1-1+deb11u2 20.10.24+dfsg1-1 20.10.25+dfsg1-2

Remedy

https://github.com/moby/moby/pull/38944

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2019-13139?
CVE-2019-13139 is a vulnerability in Docker before version 18.09.4 that allows an attacker to gain command execution by manipulating the build path for the "docker build" command.
What is the severity of CVE-2019-13139?
The severity of CVE-2019-13139 is high with a CVSS score of 8.4.
How does CVE-2019-13139 affect Docker?
CVE-2019-13139 affects Docker versions before 18.09.4 and can be exploited by supplying or manipulating the build path for the "docker build" command.
How can an attacker exploit CVE-2019-13139?
An attacker can exploit CVE-2019-13139 by manipulating the build path for the "docker build" command, allowing them to gain command execution.
How can I fix CVE-2019-13139?
To fix CVE-2019-13139, update Docker to version 18.09.4 or higher.

collector/nvd-index
collector/security-tracker-debian
agent/references
agent/severity
agent/author
agent/weakness
agent/type
agent/event
agent/description
agent/first-publish-date
agent/softwarecombine
agent/remedy
agent/last-modified-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/docker
canonical/docker docker
package-manager/debian

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.