play-with-docker icon indicating copy to clipboard operation
play-with-docker copied to clipboard
verified publisher icon play-with-docker

Unauthorized Code Execution on the host [Play-with-Docker]

Open wawahuy opened this issue 2 years ago • 3 comments

I have discovered a security vulnerability in the Play-with-Docker project, allowing me to execute code unlawfully on the project's host. I don't know where to report it for a safe fix.

wawahuy avatar Sep 21 '23 14:09 wawahuy

hi there! you can contact me in marcosnils (at) gmail

marcosnils avatar Sep 21 '23 14:09 marcosnils

I apologize for the earlier title, there was some confusion. Specifically, from within the containers, I can access the host machine and perform certain root-level actions. Would you like more details?

wawahuy avatar Sep 21 '23 14:09 wawahuy

yes, please. Can you send me an email?

marcosnils avatar Sep 21 '23 15:09 marcosnils