Filtered by vendor Docker-compose-remote-api Project
Subscribe
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-7606 | 1 Docker-compose-remote-api Project | 1 Docker-compose-remote-api | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization. |