CNNVD-202512-4961 Information
CNNVD ID
CNNVD-202512-4961
Related CVE
- CNNVD Published: 2025-12-29
Description (Chinese)
Tugtainer是Eugene Savin个人开发者的一个具有web UI的自动化Docker容器更新应用程序。 Tugtainer 1.15.1之前版本存在命令注入漏洞,该漏洞源于tugtainer-agent的POST api/command/run接口可注入任意参数。
Description (English)
Tugtainer is an automated Docker container update application with web UI for Eugene Savin personal developer. The pre-Tugtainer 1.15.1 version contains a command-injected loophole, which originates from the POST api/command/run interface of Tugtainer-att.
Hazard Level
Low
Vulnerability Type
命令注入
Affected Vendor
个人开发者
Published
2025-12-29
Last Modified
2026-02-24
References
https://github.com/Quenary/tugtainer/commit/dbb17d843e30fd7509acf0328c913dcb42f40831 https://github.com/Quenary/tugtainer/security/advisories/GHSA-grc3-8w5x-g54q https://github.com/Quenary/tugtainer/pull/88 https://github.com/Quenary/tugtainer/releases/tag/v1.15.1 https://access.redhat.com/security/cve/cve-2025-69201
Patch
https://github.com/Quenary/tugtainer/releases
Share on: