Vulnerability Details CVE-2020-7606
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.026
EPSS Ranking 83.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-7606
-
cpe:2.3:a:docker-compose-remote-api_project:docker-compose-remote-api:-
-
cpe:2.3:a:docker-compose-remote-api_project:docker-compose-remote-api:0.1.1
-
cpe:2.3:a:docker-compose-remote-api_project:docker-compose-remote-api:0.1.2
-
cpe:2.3:a:docker-compose-remote-api_project:docker-compose-remote-api:0.1.3
-
cpe:2.3:a:docker-compose-remote-api_project:docker-compose-remote-api:0.1.4