Developers maintaining the images made the intentional choice to leave the artifacts available as a historical curiosity, given the improbability they’d be exploited.
First seen on darkreading.com
Jump to article: www.darkreading.com/vulnerabilities-threats/xz-utils-backdoor-live-old-docker-images
