🔴 Critical | CVE-2026-54636 — Dokku is a docker-powered PaaS. Prior to 0.38.7, t...
🔴 CVE-2026-54636
CVSS score: 9.0 (Critical) | Status: Analyzed | Published: 2026-06-26
Vulnerability Description
Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and execute commands on the host as the Dokku user. This vulnerability is fixed in 0.38.7.
Vulnerability Details
| Field | Value |
|---|---|
| CVE ID | CVE-2026-54636 |
| CVSS score | 9.0 (Critical) |
| CVSS vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |
| CWE | CWE-78 |
| Published | 2026-06-26 |
| Last updated | 2026-06-26 |
| Status | Analyzed |
| Data source | security-advisories@github.com |
References
- https://github.com/dokku/dokku/pull/8672
- https://github.com/dokku/dokku/security/advisories/GHSA-72vm-7pc2-x95w
🤖 This article was automatically generated by the CVE Security Bulletin bot
Data source: NVD (National Vulnerability Database) | Retrieved: 2026-06-27 03:07