Vulnerabilities (CVE)

Filtered by vendor Docker-compose-remote-api Project Subscribe
Filtered by product Docker-compose-remote-api
Total 1 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-7606 1 Docker-compose-remote-api Project 1 Docker-compose-remote-api 2024-11-21 7.5 HIGH 9.8 CRITICAL
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.