CVE

CVE-2020-7606

admin

CVE-2020-7606

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within ‘index.js’ of the package, the function ‘exec(serviceName, cmd, fnStdout, fnStderr, fnExit)’ uses the variable ‘serviceName’ which can be controlled by users without any sanitization.

Source: CVE-2020-7606

Exit mobile version