CVE-2021-34079

EPSS 10.2%

Command injection in docker-tester

發布日:2022/6/3修改日:2023/11/8

描述

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

受影響套件(1)

npm/docker-testerfrom 0, <= 1.2.1

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-34079
PATCHhttps://github.com/mintzo/docker-testing
WEBhttps://advisory.checkmarx.net/advisory/CX-2021-4786
WEBhttps://www.npmjs.com/package/docker-tester