Home / Vulnerability Database / Config files : Insecure components configuration in Dockerfile

Config files

Config files : Insecure components configuration in Dockerfile

Classification

OWASP Top 10 2021

A6-Vulnerable and Outdated Components

CWE

CWE-657 CWE-1395

Overview

Specifying the image version of the Dockerfile is considered to be a good practice since it makes the build and execution processes stable and predictable. Instead of using the latest tag or not using any at all, it is recommended to specify a known version to avoid unexpected changes and their consequences in the future.

References

CWE-657: Violation of Secure Design Principles
CWE-1395: Dependency on Vulnerable Third-Party Component

MEDIUM

Config files : Insecure components configuration in Dockerfile

Classification

Overview

References

DerScanner Severity Score

Do you want to fix Config files : Insecure components configuration in Dockerfile in your application?

See also

Config files : Text4Shell Vulnerability

Config files : Incorrect directory deletion

Config files : Code injection