GMS-2019-17: Command Injection in command-exists

June 3, 2019 (updated August 4, 2021)

Versions of command-exists are vulnerable to command injection. This is exploitable if user input is provided to this module. Update to or later.

References

github.com/advisories/GHSA-cff4-rrq6-h78w
github.com/mathisonian/command-exists/blob/v1.2.2/lib/command-exists.js
hackerone.com/reports/324453
www.npmjs.com/advisories/659

Detect and mitigate GMS-2019-17 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →