3 matches found
CVE-2025-53376
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
CVE-2025-53376 Dokploy allows attackers to run arbitrary OS commands on the Dokploy host.
Dokploy is a self-hostable Platform as a Service PaaS that simplifies the deployment and management of applications and databases. An authenticated, low-privileged user can run arbitrary OS commands on the Dokploy host. The tRPC procedure docker.getContainersByAppNameMatch interpolates the...
CVE-2025-53376
Dokploy is a self-hosted PaaS where an authenticated, low-privileged user can execute arbitrary OS commands on the host via the tRPC procedure docker.getContainersByAppNameMatch, which interpolates an attacker-controlled appName into a Docker CLI call without sanitisation. The root cause is unsan...