cloudfoundry-community / docker-registry-boshrelease

Run your own private Docker Registry in standalone mode (without requiring the public index) on AWS, OpenStack or vSphere with BOSH
MIT License

Command Injection Vulnerability #19

Closed squeedee closed 7 years ago

squeedee commented 7 years ago

This exploit exists in this project. We've highlighted the affected lines.

Details in this report

docker-registry-boshrelease https://github.com/cloudfoundry-community/docker-registry-boshrelease/blob/master/src/common/utils.sh#L4-L5

jhunt commented 7 years ago

Fixed in https://github.com/cloudfoundry-community/docker-registry-boshrelease/commit/db802983730051b142eb27a0f83f5627116577c0. Thanks!

jhunt commented 7 years ago

(also, released as 3.2.1)