exploitDog

CVE-2021-34079

Опубликовано: 02 июн. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

Ссылки

https://advisory.checkmarx.net/advisory/CX-2021-4786
Exploit
Third Party Advisory
https://www.npmjs.com/package/docker-tester
Product
Third Party Advisory
https://advisory.checkmarx.net/advisory/CX-2021-4786
Exploit
Third Party Advisory
https://www.npmjs.com/package/docker-tester
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:docker-tester_project:docker-tester:*:*:*:*:*:node.js:*:*

Версия до 1.2.1 (включая)

EPSS

Процентиль: 93%

0.10238

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-rj88-4777-828h

github

больше 3 лет назад

Command injection in docker-tester

EPSS

Процентиль: 93%

0.10238

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-78