CVE-2019-10776: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 14, 2020 (updated August 19, 2021)

In “index.js” file line, the run command executes the git command with a user controlled variable called remoteUrl. This affects git-diff-apply all

References

github.com/advisories/GHSA-84cm-v6jp-gjmr
github.com/kellyselden/git-diff-apply/commit/106d61d3ae723b4257c2a13e67b95eb40a27e0b5
nvd.nist.gov/vuln/detail/CVE-2019-10776
snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774
snyk.io/vuln/SNYK-JS-GITDIFFAPPLY-540774,

Detect and mitigate CVE-2019-10776 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →