CVE-2024-8695: 
Docker Desktop vulnerability analysis and mitigation

A remote code execution (RCE) vulnerability was discovered in Docker Desktop versions prior to 4.34.2, tracked as CVE-2024-8695. The vulnerability could be exploited via crafted extension description/changelog that could be abused by a malicious extension (NVD, SecurityOnline).

The vulnerability has been assigned a critical severity rating with a CVSS v4.0 base score of 9.0 and CVSS v3.1 base score of 9.8. The vulnerability is classified under CWE-94 (Improper Control of Generation of Code) and CWE-79 (Cross-site Scripting). The attack vector is network-based (AV:N) with low attack complexity (AC:L) and requires no privileges (PR:N) (NVD).

The vulnerability could allow attackers to execute arbitrary code on the victim's system, potentially leading to unauthorized access to sensitive data, malware installation, and complete system takeover (SecurityOnline).

Docker has released version 4.34.2 that patches this vulnerability. Users are strongly advised to update to this version immediately. Additionally, users should exercise caution when installing extensions from untrusted sources and verify the legitimacy of extensions before installation (SecurityOnline).