logo

Database

OS Command Injection In docker-compose-remote-api

Description

OS Command Injection in docker-compose-remote-api docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function exec(serviceName, cmd, fnStdout, fnStderr, fnExit) uses the variable serviceName which can be controlled by users without any sanitization.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2020-76062. NVD-2020-76063. OSV-2020-76064. GCVE-2020-7606

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.