Docker Compose Provider Type Command Execution

SUMMARY Docker Compose allows arbitrary command execution when processing compose files with a provider.type field. The vulnerability occurs because Docker Compose by design executes any Provider Type as a binary/script on the host without validation...