The vulnerability of the fetch_docker_image() function in the automation tool for software analysis, ScanCode.io, allows a hacker to execute arbitrary commands.

The vulnerability of the fetchdockerimage function in the automation tool for software analysis, ScanCode.io, is related to the lack of protective measures taken for the structure of the web page during the processing of the dockerreference parameter. Exploiting this vulnerability allows a remote...

ScanCode Command Injection Vulnerability

ScanCode is an open source tool for analyzing and scanning source code for open source license information and potential intellectual property issues. A command injection vulnerability exists in ScanCode.io versions prior to 32.5.1, which stems from a command injection vulnerability in the...

PT-2023-4304 · Docker · Docker

Name of the Vulnerable Software and Affected Versions: ScanCode.io versions prior to 32.5.1 Description: The issue is related to a command injection vulnerability in the docker fetch process. This vulnerability allows malicious commands to be appended to the docker reference parameter. The docker...