OSVDB-120857: Remote code execution
The refile package contains a flaw that is triggered because input is not sanitized when handling the remote_image_url field in a form, where image is the name of the attachment. This may allow a remote attacker to execute arbitrary shell commands.