The sweltering month of August is finally here, leaving many an open-space half-empty as many of our lucky comrades take time off for much-needed R&R. As for us, we consider ourselves lucky to have the opportunity to blast the aircon as high as we want, while trusting our hardworking Knowledge Group to deliver the hottest news on July’s new open source security vulnerabilities.
Needless to say, they have once again delivered, bringing us the top 5 new open source security vulnerabilities in July from over 100 new open source vulnerabilities that were discovered and added to our hardworking database this past month. The WhiteSource database continuously aggregates known open source security vulnerabilities from multiple resources like the National Vulnerability Database (NVD), as well as other well-respected public, peer-reviewed security advisories and issue trackers so that we can collect the most comprehensive data about any new open source security vulnerabilities published.
July’s top 5 includes some extremely popular projects which are supported by an active and often passionate community. So without further ado, here are the top 5 new open source vulnerabilities published in July.
Vulnerability Score: High — 7.5
Affected versions: Docker CE and EE before 18.09.8, Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10
An information disclosure issue was discovered in vulnerable versions of Docker CE and EE, which could enable an attacker to gain access to sensitive information that might help to carry out additional attacks.
Security researchers found that Docker Engine in debug mode adds secrets to the debug log when docker stack deploy is run to redeploy a stack that includes (non-external) secrets. This could also put other API users of the stack API (Read more…)
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Patricia Johnson. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/top-5-open-source-security-vulnerabilities-july-2019