VDB
GO-2024-3005
GO-2024-3005
PUBLISHED
Moby authz zero length regression in github.com/moby/moby
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | docker/docker | 20.10.0+incompatible, 26.0.0+incompatible, 27.0.0+incompatible |
| github.com | moby/moby | 26.0.0+incompatible, 27.0.0+incompatible, 20.10.0+incompatible |
Timeline
- Jul 29, 2024 CVE Published
- Feb 4, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-41110 advisory
- https://github.com/moby/moby/commit/411e817ddf710ff8e08fa193da80cb78af708191 patch
- https://github.com/moby/moby/commit/42f40b1d6dd7562342f832b9cd2adf9e668eeb76 patch
- https://github.com/moby/moby/commit/65cc597cea28cdc25bea3b8a86384b4251872919 patch
- https://github.com/moby/moby/commit/852759a7df454cbf88db4e954c919becd48faa9b patch
- https://github.com/moby/moby/commit/a31260625655cff9ae226b51757915e275e304b0 patch
- https://github.com/moby/moby/commit/a79fabbfe84117696a19671f4aa88b82d0f64fc1 patch
- https://github.com/moby/moby/commit/ae160b4edddb72ef4bd71f66b975a1a1cc434f00 patch
- https://github.com/moby/moby/commit/ae2b3666c517c96cbc2adf1af5591a6b00d4ec0f patch
- https://github.com/moby/moby/commit/cc13f952511154a2866bddbb7dddebfe9e83b801 patch
- https://github.com/moby/moby/commit/fc274cd2ff4cf3b48c91697fb327dd1fb95588fb patch
- https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq url
- https://www.docker.com/blog/docker-security-advisory-docker-engine-authz-plugin url