{"api_version":"1","generated_at":"2026-04-23T01:32:33+00:00","cve":"CVE-2019-13139","urls":{"html":"https://cve.report/CVE-2019-13139","api":"https://cve.report/api/cve/CVE-2019-13139.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-13139","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-13139"},"summary":{"title":"CVE-2019-13139","description":"In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the \"docker build\" command would be able to gain command execution. An issue exists in the way \"docker build\" processes remote git URLs, and results in command injection into the underlying \"git clone\" command, leading to code execution in the context of the user executing the \"docker build\" command. This occurs because git ref can be misinterpreted as a flag.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-08-22 20:15:00","updated_at":"2020-08-24 17:37:00"},"problem_types":["CWE-78"],"metrics":[],"references":[{"url":"https://github.com/moby/moby/pull/38944","name":"https://github.com/moby/moby/pull/38944","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"gitutils: add validation for ref by andrewhsu · Pull Request #38944 · moby/moby · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://seclists.org/bugtraq/2019/Sep/21","name":"20190910 [SECURITY] [DSA 4521-1] docker.io security update","refsource":"BUGTRAQ","tags":[],"title":"Bugtraq: [SECURITY] [DSA 4521-1] docker.io security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.debian.org/security/2019/dsa-4521","name":"DSA-4521","refsource":"DEBIAN","tags":[],"title":"Debian -- Security Information -- DSA-4521-1 docker.io","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.docker.com/engine/release-notes/#18094","name":"https://docs.docker.com/engine/release-notes/#18094","refsource":"MISC","tags":["Release Notes","Vendor Advisory"],"title":"Docker Engine release notes | Docker Documentation","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://access.redhat.com/errata/RHBA-2019:3092","name":"RHBA-2019:3092","refsource":"REDHAT","tags":[],"title":"Red Hat Customer Portal - Access to 24x7 support and knowledge","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/","name":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"CVE-2019-13139 - Docker build code execution · Staaldraad","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.netapp.com/advisory/ntap-20190910-0001/","name":"https://security.netapp.com/advisory/ntap-20190910-0001/","refsource":"CONFIRM","tags":[],"title":"CVE-2019-13139 Docker Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-13139","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13139","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"13139","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"docker","cpe5":"docker","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"13139","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"docker","cpe5":"docker","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"enterprise","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-13139","qid":"353055","title":"Amazon Linux Security Advisory for docker : ALAS2NITRO-ENCLAVES-2021-003"},{"cve":"CVE-2019-13139","qid":"353068","title":"Amazon Linux Security Advisory for docker : ALAS2DOCKER-2021-003"},{"cve":"CVE-2019-13139","qid":"900005","title":"CBL-Mariner Linux Security Update for moby-buildx 0.4.1"},{"cve":"CVE-2019-13139","qid":"902969","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for moby-buildx (4421)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-13139","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the \"docker build\" command would be able to gain command execution. An issue exists in the way \"docker build\" processes remote git URLs, and results in command injection into the underlying \"git clone\" command, leading to code execution in the context of the user executing the \"docker build\" command. This occurs because git ref can be misinterpreted as a flag."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://github.com/moby/moby/pull/38944","refsource":"MISC","name":"https://github.com/moby/moby/pull/38944"},{"url":"https://docs.docker.com/engine/release-notes/#18094","refsource":"MISC","name":"https://docs.docker.com/engine/release-notes/#18094"},{"refsource":"MISC","name":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/","url":"https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/"},{"refsource":"DEBIAN","name":"DSA-4521","url":"https://www.debian.org/security/2019/dsa-4521"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20190910-0001/","url":"https://security.netapp.com/advisory/ntap-20190910-0001/"},{"refsource":"BUGTRAQ","name":"20190910 [SECURITY] [DSA 4521-1] docker.io security update","url":"https://seclists.org/bugtraq/2019/Sep/21"},{"refsource":"REDHAT","name":"RHBA-2019:3092","url":"https://access.redhat.com/errata/RHBA-2019:3092"}]}},"nvd":{"publishedDate":"2019-08-22 20:15:00","lastModifiedDate":"2020-08-24 17:37:00","problem_types":["CWE-78"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":8.4,"baseSeverity":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:docker:docker:*:*:*:*:enterprise:*:*:*","versionEndExcluding":"18.09.4","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"13139","Ordinal":"151497","Title":"CVE-2019-13139","CVE":"CVE-2019-13139","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"13139","Ordinal":"1","NoteData":"In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the \"docker build\" command would be able to gain command execution. An issue exists in the way \"docker build\" processes remote git URLs, and results in command injection into the underlying \"git clone\" command, leading to code execution in the context of the user executing the \"docker build\" command. This occurs because git ref can be misinterpreted as a flag.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"13139","Ordinal":"2","NoteData":"2019-08-22","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"13139","Ordinal":"3","NoteData":"2019-10-29","Type":"Other","Title":"Modified"}]}}}