Description
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.
Remediation
References
https://advisory.checkmarx.net/advisory/CX-2021-4786
https://www.npmjs.com/package/docker-tester
Related Vulnerabilities
CVE-2020-15095 Vulnerability in maven package org.webjars.bower:npm
CVE-2022-31151 Vulnerability in maven package org.webjars.npm:undici
CVE-2021-3749 Vulnerability in npm package axios
CVE-2018-16487 Vulnerability in npm package @sailshq/lodash
CVE-2021-27515 Vulnerability in maven package org.webjars.bowergithub.unshiftio:url-parse