CVE-2021-23732
CRITICAL
docker-cli-js - OS Command Injection via Docker.command Method
Description
This affects all versions of the package docker-cli-js. If the command parameter of the Docker.command method can be at least partially controlled by a user, that user will be in a position to execute arbitrary OS commands on the host system.
References (2)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://snyk.io/vuln/SNYK-JS-DOCKERCLIJS-1568516
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20211223-0004/
Scores
CVSS v3
9.0
EPSS
0.0182
EPSS Percentile
76.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (2)
npm/docker-cli-js
0npm
quobject/docker-cli-js
Published
Nov 22, 2021
Tracked Since
Feb 18, 2026