CVE-2021-23732 – docker-cli-js

Package

Manager: npm
Name: docker-cli-js
Vulnerable Version: <0

Severity

Level: Medium

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: 0.00845 pctl0.73928

Details

OS Command injection in docker-cli-js # Withdrawn After reviewing this CVE, and [this response from the maintainer](https://github.com/Quobject/docker-cli-js/issues/22#issuecomment-967760940), we have withdrawn this advisory. # Original CVE description This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.

Metadata

Created: 2021-12-02T17:51:22Z
Modified: 2021-11-30T14:50:39Z
Source: MANUAL
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-ff45-7prw-58vj
Finding: N/A
Auto approve: 0