GHSA-c2p2-hgjg-9r3f: Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header

February 12, 2025

What kind of vulnerability is it? Who is impacted?

Remote code execution is possible in web-accessible installations of hypercube.

References

github.com/Islandora/Crayfish
github.com/Islandora/Crayfish/security/advisories/GHSA-c2p2-hgjg-9r3f
github.com/advisories/GHSA-c2p2-hgjg-9r3f

Code Behaviors & Features

Detect and mitigate GHSA-c2p2-hgjg-9r3f with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →