ScanCode Command Injection Vulnerability

ScanCode is an open source tool for analyzing and scanning source code for open source license information and potential intellectual property issues. A command injection vulnerability exists in ScanCode.io versions prior to 32.5.1, which stems from a command injection vulnerability in the...

PT-2023-4304 · Docker · Docker

Name of the Vulnerable Software and Affected Versions: ScanCode.io versions prior to 32.5.1 Description: The issue is related to a command injection vulnerability in the docker fetch process. This vulnerability allows malicious commands to be appended to the docker reference parameter. The docker...