Page 3 of 11 results (0.003 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious docker-desktop:// URL. • https://docs.docker.com/desktop/release-notes/#4170 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •