CVE-2023-20902: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) in github.com/goharbor/harbor.
References
- github.com/advisories/GHSA-mq6f-5xh5-hgcf
- github.com/goharbor/harbor/blob/aaea068cceb4063ab89313d9785f2b40f35b0d63/src/jobservice/api/authenticator.go
- github.com/goharbor/harbor/releases/tag/v1.10.18
- github.com/goharbor/harbor/releases/tag/v2.7.3
- github.com/goharbor/harbor/releases/tag/v2.8.3
- github.com/goharbor/harbor/security/advisories/GHSA-mq6f-5xh5-hgcf
Detect and mitigate CVE-2023-20902 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →