Non-root user able to bind to port 80; why?

I have learned something new today.

A little research shows that kernel 4.11 introduced the sysctl parameter ipv4.ip_unprivileged_port_start, which is responsible for this. By default, it is set to 1024, but Docker will set it to 0 for created containers.

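An added example, not part of the original post: a shell check that reads net.ipv4.ip_unprivileged_port_start and the process's effective capabilities, then reports whether a given port can be bound and why. The function names are hypothetical; the fallback of 1024 assumes a kernel older than 4.11, where the sysctl does not exist.

```shell
#!/bin/sh
# Added example: why can (or can't) this process bind a low port?
# Helper names are hypothetical, not from any tool.

# Lowest port an unprivileged process may bind. Kernels without the
# sysctl (before 4.11) use the fixed limit of 1024.
unpriv_port_start() {
    f=/proc/sys/net/ipv4/ip_unprivileged_port_start
    if [ -r "$f" ]; then cat "$f"; else echo 1024; fi
}

# Effective capability mask (hex) of the calling process, 0 if unreadable.
cap_eff() {
    if [ -r /proc/self/status ]; then
        awk '/^CapEff:/ { print $2; found = 1 }
             END { if (!found) print 0 }' /proc/self/status
    else
        echo 0
    fi
}

# CAP_NET_BIND_SERVICE is capability number 10 in the CapEff bitmask.
has_net_bind_service() {
    [ $(( (0x$1 >> 10) & 1 )) -eq 1 ]
}

# can_bind PORT START CAPEFF_HEX
# Prints the reason a bind would be allowed, or "denied".
can_bind() {
    if [ "$1" -ge "$2" ]; then
        echo "allowed (port >= ip_unprivileged_port_start)"
    elif has_net_bind_service "$3"; then
        echo "allowed (CAP_NET_BIND_SERVICE)"
    else
        echo "denied"
    fi
}

# Report for the environment this script runs in.
start=$(unpriv_port_start)
echo "ip_unprivileged_port_start=$start"
echo "port 80: $(can_bind 80 "$start" "$(cap_eff)")"
```

Run it inside the container as the non-root user in question: the sysctl is set per network namespace, so the value on the host can differ from the one the container sees.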