{"containers": {"cna": {"affected": [{"product": "docker-compose-remote-api", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions including 0.1.4"}]}], "descriptions": [{"lang": "en", "value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization."}], "problemTypes": [{"descriptions": [{"description": "Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-15T21:31:11.000Z", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7606", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "docker-compose-remote-api", "version": {"version_data": [{"version_value": "All versions including 0.1.4"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.966Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7606", "datePublished": "2020-03-15T21:31:11.000Z", "dateReserved": "2020-01-21T00:00:00.000Z", "dateUpdated": "2024-08-04T09:33:19.966Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:docker-compose-remote-api_project:docker-compose-remote-api:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "751BC9D8-D945-45D8-A8C5-B9883196D1E4", "versionEndIncluding": "0.1.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization."}, {"lang": "es", "value": "docker-compose-remote-api versiones hasta 0.1.4, permite una ejecuci\u00f3n de comandos arbitraria. Dentro del archivo \"index.js\" del paquete, la funci\u00f3n \"exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\" usa la variable \"serviceName\" que puede ser controlada por los usuarios sin ning\u00fan tipo de saneamiento."}], "id": "CVE-2020-7606", "lastModified": "2024-11-21T05:37:27.763", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-15T22:15:14.880", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}