CVE-2023-27848: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

April 24, 2023 (updated May 3, 2023)

broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.

References

github.com/advisories/GHSA-wq8f-xmq3-5vq9
github.com/omnitaint/Vulnerability-Reports/blob/9d65add2bca71ed6d6b2e281ee6790a12504ff8e/reports/broccoli-compass/report.md
nvd.nist.gov/vuln/detail/CVE-2023-27848
www.npmjs.com/package/broccoli-compass

Code Behaviors & Features

Detect and mitigate CVE-2023-27848 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →