GMS-2018-4: Arbitrary Code Injection

January 15, 2018

mobile-icon-resizer has a code execution vulnerability via the image resizing configuration: the parameters ratio and baseRatio are passed directly to eval(), thus allowing dynamic javascript payloads to be executed.

References

github.com/muzzley/mobile-icon-resizer/issues/8

Detect and mitigate GMS-2018-4 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →