Affected by GO-2022-0390
and 8 other vulnerabilities
GO-2022-0390 : Moby (Docker Engine) started with non-empty inheritable Linux process capabilities in github.com/docker/docker
GO-2024-2914 : Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing in github.com/docker/docker
GO-2024-3304 : Moby Race Condition vulnerability in github.com/moby/moby
GO-2024-3305 : Moby Race Condition vulnerability in github.com/moby/moby
GO-2026-4883 : Moby has an Off-by-one error in its plugin privilege validation in github.com/docker/docker
GO-2026-4887 : Moby has AuthZ plugin bypass when provided oversized request bodies in github.com/docker/docker
GO-2026-5617 : Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker
GO-2026-5668 : Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker
GO-2026-5746 : Docker: `PUT /containers/{id}/archive` executes container binary on the host in github.com/docker/docker
Discover Packages
github.com/moby/moby
cmd
dockerd
hack
package
Version:
v17.12.0-ce-rc2+incomp...
Opens a new window with list of versions in this module.
Published: Mar 23, 2020
License: Apache-2.0
Opens a new window with license information.
Imports: 1
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
Documentation
¶
Rendered for
linux/amd64
darwin/amd64
js/wasm
type MalformedHostHeaderOverride struct {
}
MalformedHostHeaderOverride is a wrapper to be able
to overcome the 400 Bad request coming from old docker
clients that send an invalid Host header.
Accept makes the listener accepts connections and wraps the connection
in a MalformedHostHeaderOverrideConn initializing first to true.
type MalformedHostHeaderOverrideConn struct {
}
MalformedHostHeaderOverrideConn wraps the underlying unix
connection and keeps track of the first read from http.Server
which just reads the headers.
Read reads the first *read* request from http.Server to inspect
the Host header. If the Host starts with / then we're talking to
an old docker client which send an invalid Host header. To not
error out in http.Server we rewrite the first bytes of the request
to sanitize the Host header itself.
In case we're not dealing with old docker clients the data is just passed
to the server w/o modification.
Source Files
¶
Click to show internal directories.
Click to hide internal directories.