RSS   Vulnerabilities for 'Docker-compose-remote-api'   RSS

2020-03-15
 
CVE-2020-7606

CWE-74
 

 
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.

 


Copyright 2024, cxsecurity.com

 

Back to Top