DockerDash: Metadata Flaw in Docker's Ask Gordon AI
⚠️ Noma Labs disclosed a critical vulnerability, dubbed DockerDash, in Docker's Ask Gordon AI assistant that allows unverified image metadata to be treated as executable instructions. The flaw exploits a trust failure in the Model Context Protocol (MCP) gateway: Ask Gordon reads Docker LABEL metadata, forwards the interpreted content to MCP, and MCP tools execute it without validation. Depending on deployment this can enable remote code execution (cloud/CLI) or large-scale data exfiltration and reconnaissance in Docker Desktop. Docker issued mitigations in Docker Desktop 4.50.0 and users are urged to upgrade.
