CVE-2023-1367: Improper Control of Generation of Code ('Code Injection')

March 13, 2023

Code Injection in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

References

github.com/advisories/GHSA-9qvw-fhj2-xqmv
github.com/alextselegidis/easyappointments/commit/453c6e130229718680c91bef450db643a0f263e4
huntr.dev/bounties/16bc74e2-1825-451f-bff7-bfdc1ea75cc2
nvd.nist.gov/vuln/detail/CVE-2023-1367

Detect and mitigate CVE-2023-1367 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →