{"id":"CVE-2014-6407","details":"Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.","aliases":["GHSA-5qgp-p5jc-w2rm","GO-2022-0630"],"modified":"2026-04-10T03:44:00.161690Z","published":"2014-12-12T15:59:04Z","related":["CGA-qp2v-2grq-pfqq","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2024:10532-1","openSUSE-SU-2025:15589-1"],"references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/60171"},{"type":"ADVISORY","url":"http://secunia.com/advisories/60241"},{"type":"ADVISORY","url":"https://docs.docker.com/v1.3/release-notes/"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2014-December/145154.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00009.html"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2014/11/24/5"}],"schema_version":"1.7.5"}