reports/GO-2021-0081.yaml - vulndb - Git at Google

 module: github.com/containers/image
 package: github.com/containers/image/docker
 versions:
   - fixed: v2.0.2-0.20190802080134-634605d06e73+incompatible
 description: |
   The HTTP client used to connect to the container registry authorization
   service explicitly disables TLS verification, allowing an attacker that
   is able to MITM the connection to steal credentials.
 cves:
   - CVE-2019-10214
 symbols:
   - dockerClient.getBearerToken
 links:
   pr: https://github.com/containers/image/pull/669
   commit: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
   context:
     - https://github.com/containers/image/issues/654
     - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214
	module: github.com/containers/image
	package: github.com/containers/image/docker
	versions:
	- fixed: v2.0.2-0.20190802080134-634605d06e73+incompatible
	description: \|
	The HTTP client used to connect to the container registry authorization
	service explicitly disables TLS verification, allowing an attacker that
	is able to MITM the connection to steal credentials.
	cves:
	- CVE-2019-10214
	symbols:
	- dockerClient.getBearerToken
	links:
	pr: https://github.com/containers/image/pull/669
	commit: https://github.com/containers/image/commit/634605d06e738aec8332bcfd69162e7509ac7aaf
	context:
	- https://github.com/containers/image/issues/654
	- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10214