Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Code Execution
Vulnerability Description
This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Docker 操作系统命令注入漏洞
Vulnerability Description
Docker是美国Docker公司的一款开源的应用容器引擎。该产品支持在Linux系统上创建一个容器(轻量级虚拟机)并部署和运行应用程序,以及通过配置文件实现应用程序的自动化安装、部署和升级。 docker cli-js 存在操作系统命令注入漏洞,该漏洞源于如果 Docker.command 方法的 command 参数至少可以由用户部分控制,他们将能够在主机系统上执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A