CVE-2020-7606
CVE-2020-7606
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
Affected products
n/a · docker-compose-remote-apiWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →