QwikSec

Security Database

CVE

CWE

Training

CVE-2018-11757

Published: Jul 23, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

In Docker Skeleton Runtime for Apache OpenWhisk, a Docker action inheriting the Docker tag openwhisk/dockerskeleton:1.3.0 (or earlier) may allow an attacker to replace the user function inside the container if the user code is vulnerable to code exploitation.

Vendor	Product	Versions
Apache Software Foundation	Docker Skeleton Runtime for Apache OpenWhisk	affected `Docker tag openwhisk/dockerskeleton 1.3.0 (or lower)`

References

vdb-entry

x_refsource_BID

[openwhisk-dev] 20180720 [CVE] CVE-2018-11757 Docker Skeleton Runtime for Apache OpenWhisk

mailing-list

x_refsource_MLIST

https://github.com/apache/incubator-openwhisk-runtime-docker/commit/891896f25c39bc336ef6dda53f80f466ac4ca3c8

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.