Search for packages
| purl | pkg:pypi/docker-py@0.5.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-q2y6-4n1b-aaae | Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain authentication and image data by leveraging a network position between the client and the registry to block HTTPS traffic. |
CVE-2014-5277
GHSA-8w94-cf6g-c8mg GO-2022-0636 PYSEC-2014-80 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-09-18T12:00:14.559581+00:00 | Pypa Importer | Fixing | VCID-q2y6-4n1b-aaae | https://github.com/pypa/advisory-database/blob/main/vulns/docker-py/PYSEC-2014-80.yaml | 34.0.1 |
| 2024-09-17T22:50:13.474914+00:00 | PyPI Importer | Fixing | VCID-q2y6-4n1b-aaae | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 34.0.1 |
| 2024-01-03T18:33:26.968715+00:00 | PyPI Importer | Fixing | VCID-q2y6-4n1b-aaae | https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip | 34.0.0rc1 |
| 2024-01-03T18:27:50.011337+00:00 | Pypa Importer | Fixing | VCID-q2y6-4n1b-aaae | https://github.com/pypa/advisory-database/blob/main/vulns/docker-py/PYSEC-2014-80.yaml | 34.0.0rc1 |