CVE-2014-1216: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

May 17, 2022 (updated July 7, 2022)

FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.

References

www.exploit-db.com/exploits/32568
github.com/advisories/GHSA-mpx3-mx2p-9gv3
nvd.nist.gov/vuln/detail/CVE-2014-1216

Detect and mitigate CVE-2014-1216 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →