CVE-2020-13110: Uncontrolled Search Path Element
The kerberos package for Node.js allows arbitrary code execution and privilege escalation. The flaw may be exploited by injecting malicious DLLs, due to incorrect handling of DLL search paths in the kerberos_sspi LoadLibrary() method.
Detect and mitigate CVE-2020-13110 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.