Affected by GO-2022-0390
and 12 other vulnerabilities
GO-2022-0390: Moby (Docker Engine) started with non-empty inheritable Linux process capabilities in github.com/docker/docker
GO-2022-0985: Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker
GO-2022-1107: Container build can leak any path on the host into the container in github.com/docker/docker
GO-2023-1699: Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker
GO-2023-1700: Docker Swarm encrypted overlay network traffic may be unencrypted in github.com/docker/docker
GO-2023-1701: Docker Swarm encrypted overlay network with a single endpoint is unauthenticated in github.com/docker/docker
GO-2024-2914: Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker
GO-2025-3829: Moby firewalld reload removes bridge network isolation in github.com/docker/docker
GO-2026-4883: Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
GO-2026-4887: Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker
GO-2026-5617: Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker
GO-2026-5668: Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker
GO-2026-5746: Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
type CapabilityMapping struct {
Key string `json:"key,omitempty"`
Value capability.Cap `json:"value,omitempty"`
}
CapabilityMapping maps linux capability name to its value of capability.Cap type
Capabilities is one of the security systems in Linux Security Module (LSM)
framework provided by the kernel.
For more details on capabilities, see http://man7.org/linux/man-pages/man7/capabilities.7.html
Affected by 
Documentation
¶
Source Files