VulnerableCode Package Details - pkg:rpm/redhat/python-docker@2.4.2-2?arch=el7

Search for packages

Vulnerability	Summary	Fixed by
VCID-puq1-z5h7-pkdg Aliases: CVE-2018-16876 GHSA-j569-fghw-f9rx PYSEC-2019-141	ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.	There are no reported fixed by versions.
VCID-rknj-nkgs-wyg2 Aliases: CVE-2018-16837 GHSA-hwrm-63v2-42g4 PYSEC-2018-44	Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.	There are no reported fixed by versions.
VCID-vj7p-66bc-7yam Aliases: CVE-2019-1002101 GHSA-34jx-wx69-9x8v	Symlink Attack in kubectl cp The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-puq1-z5h7-pkdg
Aliases:
CVE-2018-16876
GHSA-j569-fghw-f9rx
PYSEC-2019-141

ansible before versions 2.5.14, 2.6.11, 2.7.5 is vulnerable to a information disclosure flaw in vvv+ mode with no_log on that can lead to leakage of sensible data.

There are no reported fixed by versions.

VCID-rknj-nkgs-wyg2
Aliases:
CVE-2018-16837
GHSA-hwrm-63v2-42g4
PYSEC-2018-44

Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. This could lean in undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. Showing those credentials in clear text form for every user which have access just to the process list.

There are no reported fixed by versions.

VCID-vj7p-66bc-7yam
Aliases:
CVE-2019-1002101
GHSA-34jx-wx69-9x8v

Symlink Attack in kubectl cp The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. The untar function can both create and follow symbolic links. The issue is resolved in kubectl v1.11.9, v1.12.7, v1.13.5, and v1.14.0.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:21:47.681400+00:00	RedHat Importer	Affected by	VCID-rknj-nkgs-wyg2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16837.json	38.0.0
2026-04-01T14:21:28.043743+00:00	RedHat Importer	Affected by	VCID-puq1-z5h7-pkdg	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16876.json	38.0.0
2026-04-01T14:20:39.484308+00:00	RedHat Importer	Affected by	VCID-vj7p-66bc-7yam	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1002101.json	38.0.0