CVE-2021-23330: Improper Neutralization of Special Elements used in a Command ('Command Injection')

April 13, 2021

All versions of package launchpad are vulnerable to Command Injection via stop.

References

github.com/advisories/GHSA-7h8x-wmq2-7mff
github.com/bitovi/launchpad/issues/123%23issuecomment-732188118
github.com/bitovi/launchpad/pull/124
nvd.nist.gov/vuln/detail/CVE-2021-23330
snyk.io/vuln/SNYK-JS-LAUNCHPAD-1044065

Detect and mitigate CVE-2021-23330 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →