CVE-2013-4489: Repository#grep accepts Unix pipes by default

May 17, 2014 (updated May 19, 2014)

See CVE-2013-4489 advisory for GitLab: Remote code execution vulnerability in the code search feature http://seclists.org/oss-sec/2013/q4/224

References

github.com/gitlabhq/grit/commit/40f33a4f4f5604c2a531a1d86901fd81ac4402c4

Detect and mitigate CVE-2013-4489 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →