CVE-2020-7606

Summary

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.

Affected Software

VendorProductVersion RangeStatus
n/adocker-compose-remote-apiAll versions including 0.1.4affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References