2020-03-15 21:31:11
snyk
PUBLISHED
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within index.js of the package, the function exec(serviceName, cmd, fnStdout, fnStderr, fnExit) uses the variable serviceName which can be controlled by users without any sanitization.