- Vulnerability: Remote Code Execution
- Severity: High
- Project: Talend/component-runtime
- Branch: master
- Scan Date: Unknown

com.google.cloud.tools:jib-core is vulnerable to remote code execution. The executables are run without verifying whether the provided Docker path is accurate, which allows a remote attacker to upload and execute malicious code via the vulnerable `isDockerInstalled` function.

We need to keep remote-engine-customizer using jib for the Docker layer handling.
component-starter-server will move to TSBI (see linked issues).