{"id":"CVE-2019-14271","details":"In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the nsswitch facility dynamically loads a library inside a chroot that contains the contents of the container.","aliases":["GHSA-v2cv-wwxq-qq97","GO-2024-2521"],"modified":"2026-03-20T11:27:55.581256Z","published":"2019-07-29T18:15:11.223Z","related":["SUSE-SU-2019:2117-1","SUSE-SU-2019:2119-1","SUSE-SU-2025:03540-1","SUSE-SU-2025:03545-1","openSUSE-SU-2019:2021-1","openSUSE-SU-2024:10722-1","openSUSE-SU-2025:15589-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html"},{"type":"ADVISORY","url":"https://docs.docker.com/engine/release-notes/"},{"type":"ADVISORY","url":"https://github.com/moby/moby/issues/39449"},{"type":"ADVISORY","url":"https://seclists.org/bugtraq/2019/Sep/21"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20190828-0003/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4521"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/docker/docker","events":[{"introduced":"705d9623b7c1fac1f8cf48074d5861847d09eb67"},{"fixed":"fa8dd90ceb7bcb9d554d27e0b9087ab83e54bd2b"}],"database_specific":{"versions":[{"introduced":"19.03"},{"fixed":"19.03.1"}]}}],"versions":["v19.03.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14271.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.0"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}