CVE-2021-26276: Improper Control of Dynamically-Managed Code Resources

January 27, 2021 (updated November 9, 2023)

scripts/cli.js in the GoDaddy node-config-shield (aka Config Shield) package for Node.js calls eval when processing a set command.

References

nvd.nist.gov/vuln/detail/CVE-2021-26276

Detect and mitigate CVE-2021-26276 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →