Dockyard is a Docker container management app. Prior to 1.1.0, Docker container start and stop operations are performed through GET requests without CSRF protection. A remote attacker can cause a logged-in administrator's browser to request /apps/action.php?action=stop&name=<container> or /apps/action.php?action=start&name=<container>, which starts or stops the target container. This vulnerability is fixed in 1.1.0.
References
| Link | Resource |
|---|---|
| https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g | Broken Link |
| https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g | Broken Link |
Configurations
History
08 Jul 2026, 14:42
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g - Broken Link | |
| CPE | cpe:2.3:a:10ij:dockyard:*:*:*:*:*:*:*:* | |
| CWE | CWE-352 | |
| First Time |
10ij dockyard
10ij |
10 Apr 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/10ij/dockyard/security/advisories/GHSA-jrf6-3j4j-q36g - |
09 Apr 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-09 22:16
Updated : 2026-07-08 14:42
NVD link : CVE-2026-39848
Mitre link : CVE-2026-39848
CVE.ORG link : CVE-2026-39848
JSON object : View
Products Affected
10ij
- dockyard
