CVE-2017-12612: Deserialization of Untrusted Data

September 13, 2017 (updated September 26, 2017)

This package is vulnerable to arbitrary code execution by an attacker with access to any user account on the local machine.

References

www.securityfocus.com/bid/100823
nvd.nist.gov/vuln/detail/CVE-2017-12612

Detect and mitigate CVE-2017-12612 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →