CVE-2020-7615: OS Command Injection
fsa is vulnerable to Command Injection. The first argument of execGitCommand(), located within lib/rep.js, can be controlled by users without any sanitization to inject arbitrary commands.