CNNVD-202510-3466 Information

CNNVD ID

CNNVD-202510-3466

Related CVE

CVE-2025-62725

• CNNVD Published: 2025-10-27

Description (Chinese)

Docker Compose是Docker开源的一个使用Docker定义和运行多容器应用程序。 Docker Compose存在路径遍历漏洞，该漏洞源于信任远程OCI compose构件中的路径信息，可能导致攻击者逃逸缓存目录并覆盖任意文件。

Description (English)

Docker Company is a multi-container application using Docker as an open source for Docker. Docker Compose has a loophole in its path, which stems from information on the path in the remote OCI copose component of trust, which could lead to the assailants fleeing the cache directory and overwhelm any file.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Docker

Published

2025-10-27

Last Modified

2026-02-24

References

https://github.com/docker/compose/commit/69bcb962bfb2ea53b41aa925333d356b577d6176 https://github.com/docker/compose/security/advisories/GHSA-gv8h-7v7w-r22q

Patch

https://github.com/docker/compose/releases