{"id":"CVE-2014-9358","details":"Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) \"docker load\" operation or (2) \"registry communications.\"","aliases":["GHSA-qmmc-jppf-32wv","GO-2022-0705"],"modified":"2026-04-10T03:44:49.863453Z","published":"2014-12-16T18:59:16Z","related":["CGA-hrvm-c4vp-xgx3","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2024:10532-1","openSUSE-SU-2025:15589-1"],"references":[{"type":"WEB","url":"http://www.securityfocus.com/archive/1/534215/100/0/threaded"},{"type":"WEB","url":"https://groups.google.com/forum/#%21msg/docker-user/nFAz-B-n4Bw/0wr3wvLsnUwJ"}],"schema_version":"1.7.5"}