Affected by GO-2022-0390 and 17 other vulnerabilities:
GO-2022-0390: Moby (Docker Engine) started with non-empty inheritable Linux process capabilities in github.com/docker/docker
GO-2022-0625: Access Restriction Bypass in Docker in github.com/docker/docker
GO-2022-0630: Arbitrary Code Execution in Docker in github.com/docker/docker
GO-2022-0636: Man-in-the-Middle (MitM) in github.com/docker/docker
GO-2022-0640: Arbitrary Code Execution in github.com/docker/docker
GO-2022-0649: Symlink Attack in Libcontainer and Docker Engine in github.com/docker/docker
GO-2022-0705: Directory Traversal in Docker in github.com/docker/docker
GO-2022-0708: Arbitrary File Override in Docker Engine in github.com/docker/docker
GO-2022-0751: Path Traversal in Docker in github.com/docker/docker
GO-2022-0985: Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker
GO-2022-1107: Container build can leak any path on the host into the container in github.com/docker/docker
GO-2024-2914: Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker
GO-2025-3829: Moby firewalld reload removes bridge network isolation in github.com/docker/docker
GO-2026-4883: Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
GO-2026-4887: Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker
GO-2026-5617: Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker
GO-2026-5668: Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker
GO-2026-5746: Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
QuoteString walks characters (after trimming), escapes any quotes and
escape characters, then wraps the whole thing in quotes. Very useful for
generating argument output in nodes.
type Node struct {
	Value      string          // actual content
	Next       *Node           // the next item in the current sexp
	Children   []*Node         // the children of this sexp
	Attributes map[string]bool // special attributes for this node
	Original   string          // original line used before parsing
}
Node is a structure used to represent a parse tree.
In the node there are three fields, Value, Next, and Children. Value is the
current token's string value. Next is always the next non-child token, and
Children contains all the children. Here's an example:
(value next (child child-next child-next-next) next-next)
This data structure is frankly pretty lousy for handling complex languages,
but lucky for us the Dockerfile isn't very complicated. This structure
works a little more effectively than a "proper" parse tree for our needs.
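The following is an added example, not code from the docker/docker package: it builds the tree shape shown above and renders it as an s-expression, quoting every value so that quotes or parentheses inside an argument cannot change the apparent structure of the output. The names quoteString, render and sample are hypothetical, the sample values are constructed, and it assumes backslash is the escape character.

```go
package main

import (
	"fmt"
	"strings"
)

// Node mirrors the struct documented on this page.
type Node struct {
	Value      string
	Next       *Node
	Children   []*Node
	Attributes map[string]bool
	Original   string
}

// quoteString (hypothetical) trims, escapes quotes and backslashes, then wraps in quotes.
func quoteString(s string) string {
	var b strings.Builder
	b.WriteByte('"')
	for _, r := range strings.TrimSpace(s) {
		if r == '"' || r == '\\' {
			b.WriteByte('\\')
		}
		b.WriteRune(r)
	}
	b.WriteByte('"')
	return b.String()
}

// render walks a chain via Next and emits each node's Children as a nested sexp.
func render(n *Node) string {
	var parts []string
	for ; n != nil; n = n.Next {
		parts = append(parts, quoteString(n.Value))
		for _, c := range n.Children {
			parts = append(parts, render(c))
		}
	}
	return "(" + strings.Join(parts, " ") + ")"
}

// sample builds the shape from the page's example; the last value is constructed input.
func sample() *Node {
	child := &Node{Value: "child", Next: &Node{Value: "child-next", Next: &Node{Value: "child-next-next"}}}
	next := &Node{Value: "next", Children: []*Node{child}, Next: &Node{Value: `echo "a) (b"`}}
	return &Node{Value: "value", Next: next}
}
func main() { fmt.Println(render(sample())) }
```

Without the escaping step, the last value would appear in the output as a closing parenthesis followed by a new group, which is why argument output is quoted before it is written into a node dump.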