GO-2024-2659
See a problem?- Source
- https://pkg.go.dev/vuln/GO-2024-2659
- Import Source
- https://vuln.go.dev/ID/GO-2024-2659.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-2659
- Aliases
-
- CVE-2024-29018
- GHSA-mq39-4gv4-mvpx
- Published
- 2024-03-22T18:49:03Z
- Modified
- 2024-05-20T16:03:47Z
- Summary
- Data exfiltration from internal networks in github.com/docker/docker
- Details
-
dockerd forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics, networks marked as 'internal' can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers.
- References
- Credits
-
-
- @robmry
-
- @akerouanton
-
- @neersighted
-
- @gabriellavengeo
-
Affected packages
Go / github.com/docker/docker
Package
- Name
- github.com/docker/docker
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/docker/docker