CVE-2019-3462 - DOCKER:chartmuseumui-0.0.7 #44
Description
This is related to CVE issue 2019-3462 which says below
Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.
Max Justicz discovered a vulnerability in APT, the high level package manager. The code handling HTTP redirects in the HTTP transport method doesn't properly sanitize fields transmitted over the wire. This vulnerability could be used by an attacker located as a man-in-the-middle between APT and a mirror to inject malicous content in the HTTP connection. This content could then be recognized as a valid package by APT and used later for code execution with root privileges on the target machine.
Since the vulnerability is present in the package manager itself. This looks to be generic for all open sources .
Is this fixed to latest Docker: chartmuseumui ? Pls share if any updates