Description
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.
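An added example, not Docker-Tester's own code: one way to keep a 'ports' entry like the one described above away from a shell, by checking each entry against an anchored allowlist of the compose short syntax and handing it to docker as an argument vector. The function names and the sample compose object are hypothetical and constructed for illustration; only IPv4 host addresses and the short syntax are handled.

```javascript
'use strict';
// Added example (not Docker-Tester's code). All names below are hypothetical.

// Compose short syntax: [HOST_IP:][HOST[-END]:]CONTAINER[-END][/PROTO]; IPv4 only here.
const PORT = '\\d{1,5}(?:-\\d{1,5})?';
const IPV4 = '(?:\\d{1,3}\\.){3}\\d{1,3}';
// Fully anchored allowlist: spaces, quotes, ; | & $ ` ( ) and newlines cannot match.
const PORT_ENTRY = new RegExp(
  `^(?:(?:${IPV4}:(?:${PORT})?|${PORT}):)?${PORT}(?:/(?:tcp|udp))?$`);

function isValidPortEntry(entry) {
  if (typeof entry !== 'string' && !Number.isInteger(entry)) return false;
  const s = String(entry);
  if (!PORT_ENTRY.test(s)) return false;
  // Range-check every port number once the optional IP and protocol are stripped.
  const ports = s.replace(new RegExp(`^${IPV4}:`), '').replace(/\/(?:tcp|udp)$/, '');
  return ports.split(/[:-]/).filter(Boolean)
    .every((n) => Number(n) >= 1 && Number(n) <= 65535);
}

// Walk an already-parsed compose document and report entries that fail the check.
function findUnsafePorts(compose) {
  const bad = [];
  for (const [service, def] of Object.entries(compose.services || {})) {
    for (const entry of (def && def.ports) || []) {
      if (!isValidPortEntry(entry)) bad.push({ service, entry });
    }
  }
  return bad;
}

// Build an argument vector for child_process.execFile('docker', args): no shell
// parses it, so each mapping stays one argument instead of being re-tokenized.
function dockerRunArgs(image, ports) {
  const bad = ports.filter((p) => !isValidPortEntry(p));
  if (bad.length) throw new Error(`rejected ports entries: ${JSON.stringify(bad)}`);
  return ['run', '-d', ...ports.flatMap((p) => ['-p', String(p)]), image];
}

// Constructed sample input, shaped as a YAML parser would return it.
const SAMPLE = {
  services: {
    web: { image: 'nginx', ports: ['8080:80', '127.0.0.1:8443:443/tcp', 3000] },
    db: { image: 'postgres', ports: ['5432:5432; echo injected', '80:80 && echo injected'] },
  },
};

console.log(findUnsafePorts(SAMPLE));
```

Validation and the argument vector are independent layers: the allowlist rejects malformed entries early, and avoiding a shell means a missed case is still not interpreted as a command.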
Remediation
References
https://www.npmjs.com/package/docker-tester
https://advisory.checkmarx.net/advisory/CX-2021-4786