CVE-2025-53623: Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class
(updated )
There is an arbitrary code execution vulnerability in the CsvEnumerator class of the job-iteration repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise.
References
- github.com/Shopify/job-iteration
- github.com/Shopify/job-iteration/commit/1a7adfdd041105a5e45e774cadc6b973a292ba55
- github.com/Shopify/job-iteration/pull/595
- github.com/Shopify/job-iteration/releases/tag/v1.11.0
- github.com/Shopify/job-iteration/security/advisories/GHSA-6qjf-g333-pv38
- github.com/advisories/GHSA-6qjf-g333-pv38
- nvd.nist.gov/vuln/detail/CVE-2025-53623
Code Behaviors & Features
Detect and mitigate CVE-2025-53623 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →