Описание
OS Command injection in docker-cli-js
Withdrawn
After reviewing this CVE, and this response from the maintainer, we have withdrawn this advisory.
Original CVE description
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.
Пакеты
Наименование
docker-cli-js
npm
Затронутые версииВерсия исправления
<= 2.8.0
Отсутствует
Связанные уязвимости
CVSS3: 9
nvd
около 4 лет назад
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.