{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-17T06:12:08.394","vulnerabilities":[{"cve":{"id":"CVE-2020-7606","sourceIdentifier":"report@snyk.io","published":"2020-03-15T22:15:14.880","lastModified":"2024-11-21T05:37:27.763","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable 'serviceName' which can be controlled by users without any sanitization."},{"lang":"es","value":"docker-compose-remote-api versiones hasta 0.1.4, permite una ejecución de comandos arbitraria. Dentro del archivo \"index.js\" del paquete, la función  \"exec(serviceName, cmd, fnStdout, fnStderr, fnExit)\" usa la variable \"serviceName\" que puede ser controlada por los usuarios sin ningún tipo de saneamiento."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:docker-compose-remote-api_project:docker-compose-remote-api:*:*:*:*:*:node.js:*:*","versionEndIncluding":"0.1.4","matchCriteriaId":"751BC9D8-D945-45D8-A8C5-B9883196D1E4"}]}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-DOCKERCOMPOSEREMOTEAPI-560125","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}