Search
Find a vulnerability
Search criteria
2 vulnerabilities found for docker-compose-remote-api by docker-compose-remote-api_project
CVE-2020-7606 (GCVE-0-2020-7606)
Vulnerability from nvd – Published: 2020-03-15 21:31 – Updated: 2024-08-04 09:33
VLAI
Summary
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
Severity
No CVSS data available.
CWE
- Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEA… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | docker-compose-remote-api |
Affected:
All versions including 0.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "docker-compose-remote-api",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions including 0.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within \u0027index.js\u0027 of the package, the function \u0027exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\u0027 uses the variable \u0027serviceName\u0027 which can be controlled by users without any sanitization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T21:31:11.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "docker-compose-remote-api",
"version": {
"version_data": [
{
"version_value": "All versions including 0.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within \u0027index.js\u0027 of the package, the function \u0027exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\u0027 uses the variable \u0027serviceName\u0027 which can be controlled by users without any sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7606",
"datePublished": "2020-03-15T21:31:11.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7606 (GCVE-0-2020-7606)
Vulnerability from cvelistv5 – Published: 2020-03-15 21:31 – Updated: 2024-08-04 09:33
VLAI
Summary
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
Severity
No CVSS data available.
CWE
- Command Injection
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEA… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | docker-compose-remote-api |
Affected:
All versions including 0.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "docker-compose-remote-api",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions including 0.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within \u0027index.js\u0027 of the package, the function \u0027exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\u0027 uses the variable \u0027serviceName\u0027 which can be controlled by users without any sanitization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T21:31:11.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "docker-compose-remote-api",
"version": {
"version_data": [
{
"version_value": "All versions including 0.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within \u0027index.js\u0027 of the package, the function \u0027exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\u0027 uses the variable \u0027serviceName\u0027 which can be controlled by users without any sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7606",
"datePublished": "2020-03-15T21:31:11.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}