All versions of Docker are currently vulnerable to a race condition that could give an attacker both read and write access to any file on the host system. At its core, the vulnerability stems from the FollowSymlinkInScope function. The vulnerability is similar to CVE-2018-15664 and it offers a window of opportunity for hackers to modify resource paths after resolution but before the assigned program starts operating on the resource. A patch has been submitted upstream and is still under review. Mitigating mitigation options and exploit scripts offer potential mitigation solutions.
Source: https://www.bleepingcomputer.com/news/security/unpatched-flaw-affects-all-docker-versions-exploits-ready/