CVE-2020-7606

Posted on 2020년 3월 16일2020년 3월 16일 by admin

CVE-2020-7606

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within ‘index.js’ of the package, the function ‘exec(serviceName, cmd, fnStdout, fnStderr, fnExit)’ uses the variable ‘serviceName’ which can be controlled by users without any sanitization.

Source: CVE-2020-7606

답글 남기기 응답 취소