GMS-2020-256: Command Injection in expressfs

September 3, 2020 (updated September 28, 2021)

All versions of expressfs are vulnerable to Command Injection. expressfs.cp, expressfs.create and expressfs.rmdir. No fix is currently available. Consider using an alternative module until a fix is made available.

References

github.com/advisories/GHSA-mxmj-84q8-34r7
www.npmjs.com/advisories/953

Detect and mitigate GMS-2020-256 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →