Описание
Command Injection in gitlabhook
All versions of gitlabhook are vulnerable to Command Injection. The package does not validate input the body of POST request and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system.
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Пакеты
Наименование
gitlabhook
npm
Затронутые версииВерсия исправления
<= 0.0.17
Отсутствует
Связанные уязвимости
CVSS3: 10
nvd
больше 6 лет назад
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.