CVE-2020-26294

OS Command Injection in go/github.com/go-vela/compiler

Identifiers

CVE-2020-26294, GHSA-gv2h-gf8m-r68j

Package Slug

go/github.com/go-vela/compiler

Vulnerability

OS Command Injection

Description

Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. In addition to upgrading, it is recommended to rotate all secrets.

Affected Versions

All versions before 0.6.1

Solution

Upgrade to version 0.6.1 or above.

Last Modified

2021-01-16

source