Yasinseyhun

**Name of the Vulnerable Software and Affected Versions** Tugtainer versions prior to 1.15.1 **Description** Tugtainer is a self-hosted application designed for automating updates of docker containers. A flaw exists where arbitrary arguments can be injected. This occurs through the `POST api/command/run` endpoint of the `tugtainer-agent`. The `api/command/run` endpoint is susceptible to command injection due to improper input validation. The vulnerable parameter is not explicitly identified. **Recommendations** Update Tugtainer to version 1.15.1 or later.