CVE-2023-46498: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

December 8, 2023 (updated December 13, 2023)

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.

References

devhub.checkmarx.com/cve-details/Cx8b24ace3-0c9a/
devhub.checkmarx.com/cve-details/cve-2023-46498/
github.com/advisories/GHSA-5mmr-9qx3-3pf9
github.com/evershopcommerce/evershop/pull/342
nvd.nist.gov/vuln/detail/CVE-2023-46498

Detect and mitigate CVE-2023-46498 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →