Improper input validation in Docker Desktop
CVE-2024-9348
Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view.
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.002 (41.5th percentile) — read the EPSS interpretation.
Affected products
- Docker Desktop — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- docs.docker.com/desktop/release-notes/ (release-notes)
Frequently asked questions
- What is CVE-2024-9348?
- CVE-2024-9348 is a vulnerability in Docker Desktop, classified under Improper Input Validation. Published 2024-10-16.
- Is CVE-2024-9348 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.