Description
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName', which can be controlled by users, without any sanitization.
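The usual hardening for this class of bug, as an added example that is not code from docker-compose-remote-api or from the advisory: validate the service name against an allow-list and pass arguments as an array to `execFile`, which does not start a shell. The `docker-compose exec -T` invocation, the name pattern and all helper names are assumptions made for illustration.

```javascript
// Added illustration; not the package's own code. Helper names are hypothetical.
const { execFileSync } = require("node:child_process");

// Assumption: service names start with an alphanumeric and use only [A-Za-z0-9_.-].
// Requiring an alphanumeric first character also rejects values such as "-T"
// or "--help" that would otherwise be parsed as options.
const SERVICE_NAME_RE = /^[A-Za-z0-9][A-Za-z0-9_.-]{0,62}$/;

function validateServiceName(serviceName) {
  if (typeof serviceName !== "string" || !SERVICE_NAME_RE.test(serviceName)) {
    throw new TypeError("invalid service name");
  }
  return serviceName;
}

// Build the argument vector for `docker-compose exec` (assumed invocation).
// The command is an array of strings, never one string that a shell would split.
function composeExecArgv(serviceName, cmdArgv) {
  if (!Array.isArray(cmdArgv) || cmdArgv.length === 0 ||
      !cmdArgv.every((a) => typeof a === "string")) {
    throw new TypeError("cmdArgv must be a non-empty array of strings");
  }
  return ["exec", "-T", validateServiceName(serviceName), ...cmdArgv];
}

// Run without a shell: execFile hands each array element to the program as-is.
function execInService(serviceName, cmdArgv) {
  return execFileSync("docker-compose", composeExecArgv(serviceName, cmdArgv),
    { encoding: "utf8" });
}

// Offline check that needs no Docker: pass a value as one argv element to a
// child Node process and return what the child received. Shell metacharacters
// come back byte-for-byte because no shell ever parses them.
function echoThroughExecFile(value) {
  return execFileSync(process.execPath,
    ["-e", "process.stdout.write(process.argv[1])", value],
    { encoding: "utf8" });
}
```

The allow-list and the shell-free call are independent layers: the first rejects unexpected names before any process starts, the second keeps any value that does get through from being interpreted as shell syntax.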
Remediation
References
https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125
Related Vulnerabilities
CVE-2021-41038 Vulnerability in npm package @theia/plugin-ext
CVE-2021-23392 Vulnerability in npm package locutus
CVE-2020-7712 Vulnerability in maven package org.webjars.npm:json
CVE-2023-47326 Vulnerability in maven package org.silverpeas.core:silverpeas-core
CVE-2023-25572 Vulnerability in maven package org.webjars.npm:ra-ui-materialui