CVE-2015-8969: Shell Metacharacter Injection Arbitrary Command Execution
The library passes user-modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to the cd and git clone commands in the library.
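The flawed pattern next to two safer forms, as an added example that is not the library's own code. It assumes `echo` as a stand-in for `git` so nothing is cloned; the function names and the sample URL are constructed for illustration.

```ruby
require "open3"
require "shellwords"
require "tmpdir"

# Assumption: `echo` stands in for `git` so the demo runs offline.
TOOL = "echo"
# Constructed input: a "repository URL" carrying a shell metacharacter.
HOSTILE_URL = "https://example.invalid/repo.git; echo INJECTED"

# Pattern the advisory describes: strings interpolated into one shell line.
def clone_via_shell_string(dir, url)
  out, _status = Open3.capture2("cd #{dir} && #{TOOL} clone #{url}")
  out.lines.map(&:chomp)
end

# Hardened: argv array (no shell), chdir: instead of `cd`, `--` ends options.
def clone_via_argv(dir, url)
  raise ArgumentError, "empty url" if url.to_s.empty?
  out, _status = Open3.capture2(TOOL, "clone", "--", url, chdir: dir)
  out.lines.map(&:chomp)
end

# Fallback when a shell line is unavoidable: quote every interpolated value.
def clone_via_escaped_string(dir, url)
  cmd = "cd #{Shellwords.escape(dir)} && #{TOOL} clone -- #{Shellwords.escape(url)}"
  out, _status = Open3.capture2(cmd)
  out.lines.map(&:chomp)
end

# Runs all three variants on the same constructed input.
def demo
  dir = Dir.tmpdir
  {
    shell_string: clone_via_shell_string(dir, HOSTILE_URL),
    argv: clone_via_argv(dir, HOSTILE_URL),
    escaped: clone_via_escaped_string(dir, HOSTILE_URL),
  }
end

demo.each { |name, lines| puts "#{name}: #{lines.inspect}" } if $PROGRAM_NAME == __FILE__
```

The shell-string variant produces two output lines because the shell runs a second command; the other two keep the whole URL as a single argument.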