I’ve looked in https://github.com/disclose/diodb/blob/master/program-list.json?raw=true
All I can find is their security scanning thing, not their contact details.
Anyone got the security team at Docker Hub or do they not have one?
DM’ed the CTO on twitter, will update the database once I get the security contacts!
2 Likes
Fantastic work sick!
1 Like
Nice one! Were they responsive?
First Vuln was a false alarm, possible denial of service or out of bounds write.
Second issue is still ongoing. No archlinux:latest docker images work because glibc2.33 is released but none of the ancient LTS kernels whitelist updated syscalls.
So arch has to back port fixes so hub.docker.com works OR dockerhub updates their building kernel machines.
So, that’s the update, without telling you I use arch 
2 Likes