CVE-2021-34079

EPSS 10.2%

Command injection in docker-tester

Published: 6/3/2022Modified: 11/8/2023

Description

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

Affected packages (1)

npm/docker-testerfrom 0, <= 1.2.1

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-34079
PATCHhttps://github.com/mintzo/docker-testing
WEBhttps://advisory.checkmarx.net/advisory/CX-2021-4786
WEBhttps://www.npmjs.com/package/docker-tester