CVE-2019-5485: OS Command Injection

September 13, 2019 (updated September 25, 2019)

NPM package gitlabhook is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.

References

nvd.nist.gov/vuln/detail/CVE-2019-5485

Detect and mitigate CVE-2019-5485 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →