CVE-2017-9736: OS Command Injection

June 17, 2017 (updated November 4, 2017)

SPIP does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution.

References

contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta
core.spip.net/projects/spip/repository/revisions/23593
core.spip.net/projects/spip/repository/revisions/23594
nvd.nist.gov/vuln/detail/CVE-2017-9736

Code Behaviors & Features

Detect and mitigate CVE-2017-9736 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →