Search criteria
1 vulnerability by docker-compose-remote-api_project
CVE-2020-7606 (GCVE-0-2020-7606)
Vulnerability from cvelistv5 – Published: 2020-03-15 21:31 – Updated: 2024-08-04 09:33
VLAI?
Summary
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | docker-compose-remote-api |
Affected:
All versions including 0.1.4
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.966Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "docker-compose-remote-api",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions including 0.1.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within \u0027index.js\u0027 of the package, the function \u0027exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\u0027 uses the variable \u0027serviceName\u0027 which can be controlled by users without any sanitization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T21:31:11",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7606",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "docker-compose-remote-api",
"version": {
"version_data": [
{
"version_value": "All versions including 0.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within \u0027index.js\u0027 of the package, the function \u0027exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\u0027 uses the variable \u0027serviceName\u0027 which can be controlled by users without any sanitization."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7606",
"datePublished": "2020-03-15T21:31:11",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}