Docker-Compose-Remote-Api Project: >> Docker-Compose-Remote-Api >> 0.1.4 Security Vulnerabilities
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-03-15