Script injection attack when using docker.image

This issue is archived. You can view it, but you can't modify it. Learn more

XMLWordPrintable

    • 1.28

      myDocker = docker.image('maven:3.5.3-jdk-1.8| echo a')
      myDocker.pull()

      This will invoke docker pull and echo a which allow script injection to the system 

       

       

        1. image-2019-05-08-16-53-23-409.png
          image-2019-05-08-16-53-23-409.png
          2 kB

            Assignee:
            rsandell
            Reporter:
            Changcheng Liu
            Archiver:
            Jenkins Service Account

              Created:
              Updated:
              Resolved:
              Archived: