{"containers":{"cna":{"affected":[{"product":"docker-compose-remote-api","vendor":"n/a","versions":[{"status":"affected","version":"All versions including 0.1.4"}]}],"descriptions":[{"lang":"en","value":"docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization."}],"problemTypes":[{"descriptions":[{"description":"Command Injection","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-03-15T21:31:11.000Z","orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk"},"references":[{"tags":["x_refsource_MISC"],"url":"https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"report@snyk.io","ID":"CVE-2020-7606","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"docker-compose-remote-api","version":{"version_data":[{"version_value":"All versions including 0.1.4"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Command Injection"}]}]},"references":{"reference_data":[{"name":"https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125","refsource":"MISC","url":"https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T09:33:19.966Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125"}]}]},"cveMetadata":{"assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","cveId":"CVE-2020-7606","datePublished":"2020-03-15T21:31:11.000Z","dateReserved":"2020-01-21T00:00:00.000Z","dateUpdated":"2024-08-04T09:33:19.966Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}