CVE-2021-23632: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

March 17, 2022 (updated March 24, 2022)

All versions of package git is vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands.

References

github.com/advisories/GHSA-9gqr-xp86-f87h
nvd.nist.gov/vuln/detail/CVE-2021-23632
snyk.io/vuln/SNYK-JS-GIT-1568518

Code Behaviors & Features

Detect and mitigate CVE-2021-23632 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →