CVE-2023-39523 (scancode.io)
Aug. 7, 2023, 9:15 p.m. | National Vulnerability Database (web.nvd.nist.gov)
In the function `scanpipe/pipes/fetch.py:fetch_docker_image` the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`, which constructs a shell command from the passed `docker_reference`. The `pipes.run_command` then executes the …
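The pattern described above, as an added example that is not ScanCode.io's code: a user-supplied image reference interpolated into a shell command line, next to a form that validates the value and passes it as a single argv element without a shell. The stand-in command (a Python one-liner that prints its arguments), the allowlist regex, the function names and the sample references are all assumptions made for this sketch.

```python
import re
import shlex
import subprocess
import sys

# Stand-in for the real inspection tool (assumption): prints the arguments it receives.
SHOW_ARGS = "import sys; print(sys.argv[1:])"

# Assumed allowlist for references like docker://registry/name:tag or ...@sha256:<digest>.
# The required "docker://" prefix also stops a value from being read as an option.
REFERENCE_RE = re.compile(r"docker://[A-Za-z0-9][A-Za-z0-9._/:@-]*")

# Constructed sample inputs.
GOOD = "docker://registry.example/team/app:1.0"
HOSTILE = "docker://registry.example/team/app:1.0; echo INJECTED"


def run_via_shell(docker_reference: str) -> str:
    """Vulnerable pattern: the reference is pasted into a shell command line."""
    cmd = f"{shlex.quote(sys.executable)} -c {shlex.quote(SHOW_ARGS)} {docker_reference}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_via_argv(docker_reference: str) -> str:
    """Hardened pattern: validate first, then pass one argv element with no shell."""
    if not REFERENCE_RE.fullmatch(docker_reference):
        raise ValueError(f"rejected image reference: {docker_reference!r}")
    argv = [sys.executable, "-c", SHOW_ARGS, docker_reference]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    # The shell treats ';' as a command separator, so a second command runs.
    print("shell:", run_via_shell(HOSTILE).splitlines())
    # The argv form sees the good reference as exactly one argument.
    print("argv: ", run_via_argv(GOOD).strip())
    try:
        run_via_argv(HOSTILE)
    except ValueError as exc:
        print("argv: ", exc)
```
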