docker-compose-remote-api up to and including 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
docker-compose-remote-api project docker-compose-remote-api |