PT-2021-15548 · Unknown · Docker-Cli-Js

Paul-Emmanuel Raoul · Published 2021-11-22 · Updated 2022-03-29 · CVE-2021-23732

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

docker-cli-js, all versions

Description

The issue affects the Docker.command method in the docker-cli-js package. If a user can partially control the command parameter of this method, they can execute arbitrary OS commands on the host system.

Recommendations

All versions are affected, and at the moment there is no information about a newer version that contains a fix for this vulnerability.
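
Where user input currently reaches the command parameter, one mitigation is to stop assembling a command string and call the docker binary with an argument array, so no shell parses the value. The sketch below is an added example, not code from docker-cli-js or from this advisory; the helper names, the simplified image-reference pattern and the choice of `docker pull` as the operation are assumptions.

```javascript
// Added example (hypothetical helpers, not part of docker-cli-js).
// Assumption: the application only needs a fixed subcommand with one
// user-supplied image reference.
const { execFile } = require('node:child_process');

// Simplified allowlist for an image reference: lowercase path components
// separated by '/', with an optional ':tag'. Registry hosts with ports and
// digests are deliberately not accepted here.
const IMAGE_REF =
  /^[a-z0-9]+(?:[._-][a-z0-9]+)*(?:\/[a-z0-9]+(?:[._-][a-z0-9]+)*)*(?::[A-Za-z0-9_][A-Za-z0-9_.-]{0,127})?$/;

function validateImageRef(ref) {
  // Reject non-strings, oversized input, shell metacharacters, whitespace
  // and anything starting with '-' (which docker would read as an option).
  if (typeof ref !== 'string' || ref.length > 255 || !IMAGE_REF.test(ref)) {
    throw new TypeError('rejected image reference');
  }
  return ref;
}

// Build the argv for a fixed subcommand. The untrusted value occupies
// exactly one argv slot and is never concatenated into a command line.
function dockerPullArgs(untrustedRef) {
  return ['pull', validateImageRef(untrustedRef)];
}

// execFile starts the binary directly; with shell: false no shell
// interprets the arguments, so ';', '|', '$()' and similar have no effect
// even if validation were bypassed.
function dockerPull(untrustedRef) {
  return new Promise((resolve, reject) => {
    execFile(
      'docker',
      dockerPullArgs(untrustedRef),
      { shell: false, timeout: 60000 },
      (err, stdout) => (err ? reject(err) : resolve(stdout))
    );
  });
}
```

Validation and the argument array are independent layers: the array removes shell parsing, and the allowlist stops a value from being read as a docker option.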

Exploit

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2021-23732
GHSA-FF45-7PRW-58VJ

Affected Products

Docker-Cli-Js