Docker Fixes Critical Ask Gordon AI Flaw Allowing Code Execution via Image Metadata - The Hacker News

A critical vulnerability, codenamed DockerDash, in Docker's Ask Gordon AI assistant allowed remote code execution and data exfiltration. This "Meta-Context Injection" flaw leveraged malicious metadata labels within Docker images, which Ask Gordon AI processed and executed via the MCP Gateway due to a lack of validation.