CVE-2022-41711: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code on the server. This is possible because the application does not properly validate the data uploaded by users.