CVE-2021-34079

Description

OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file.

How to fix CVE-2021-34079

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• npm/docker-tester—no fix listed

Is CVE-2021-34079 being exploited?

Moderate — EPSS is 10.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, <= 1.2.1

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-34079
• PATCHgithub.com/mintzo/docker-testing
• WEBadvisory.checkmarx.net/advisory/CX-2021-4786
• WEBwww.npmjs.com/package/docker-tester