GMS-2024-140: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) in ckeditor4.
References
- github.com/advisories/GHSA-wh5w-82f3-wrxh
- github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb
- github.com/ckeditor/ckeditor4/security/advisories/GHSA-wh5w-82f3-wrxh
- nvd.nist.gov/vuln/detail/CVE-2023-4771
- www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cksource-ckeditor
Code Behaviors & Features
Detect and mitigate GMS-2024-140 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →