CVE-2019-5485
CRITICAL10.0EPSS 49.6%Command Injection in gitlabhook
發布日:2019/9/16修改日:2023/11/8
描述
All versions of `gitlabhook` are vulnerable to Command Injection. The package does not validate input the body of POST request and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. ## Recommendation No fix is currently available. Consider using an alternative package until a fix is made available.
受影響套件(1)
- npm/gitlabhookfrom 0, <= 0.0.17
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |