CVE-2020-7606

2020-03-15T22:15:00
ID CVE-2020-7606
Type cve
Reporter cve@mitre.org
Modified 2020-03-17T18:21:00

Description

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.