Search for packages
Package details: pkg:pypi/docker-py@0.3.1
purl pkg:pypi/docker-py@0.3.1
Next non-vulnerable version 0.5.3
Latest non-vulnerable version 0.5.3
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-q2y6-4n1b-aaae
Aliases:
CVE-2014-5277
GHSA-8w94-cf6g-c8mg
GO-2022-0636
PYSEC-2014-80
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic.
0.5.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-18T12:00:14.530921+00:00 Pypa Importer Affected by VCID-q2y6-4n1b-aaae https://github.com/pypa/advisory-database/blob/main/vulns/docker-py/PYSEC-2014-80.yaml 34.0.1
2024-09-17T22:50:13.446883+00:00 PyPI Importer Affected by VCID-q2y6-4n1b-aaae https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 34.0.1
2024-01-03T18:33:26.940409+00:00 PyPI Importer Affected by VCID-q2y6-4n1b-aaae https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 34.0.0rc1
2024-01-03T18:27:49.983054+00:00 Pypa Importer Affected by VCID-q2y6-4n1b-aaae https://github.com/pypa/advisory-database/blob/main/vulns/docker-py/PYSEC-2014-80.yaml 34.0.0rc1