docker-tester is vulnerable to OS command injection. The vulnerability exists in the port
attribute in the getExternalPort
function of docker-compose.js
, allowing an attacker to inject and execute malicious commands through the docker-compose.yml
by providing shell meta characters.
CPE | Name | Operator | Version |
---|---|---|---|
docker-tester | le | 1.2.2 | |
docker-tester | le | 1.2.2 |