CVE-2023-2583: Improper Control of Generation of Code ('Code Injection')

May 8, 2023 (updated May 12, 2023)

Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3.

References

github.com/advisories/GHSA-g7rj-q722-245g
github.com/jsreport/jsreport/commit/afaff3804b34b38e959f5ae65f9e672088de13d7
github.com/jsreport/jsreport/releases/tag/3.11.3
huntr.dev/bounties/397ea68d-1e28-44ff-b830-c8883d067d96
nvd.nist.gov/vuln/detail/CVE-2023-2583

Detect and mitigate CVE-2023-2583 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →