GMS-2020-405: Unauthorized File Access in node-git-server

September 3, 2020 (updated September 29, 2021)

Versions of node-git-server are vulnerable to Unauthorized File Access. It is possible to access any git repository by using absolute paths, which may allow attackers to access private repositories. Upgrade to or later.

References

github.com/advisories/GHSA-cv3v-7846-6pxm
github.com/gabrielcsapo/node-git-server/commit/ac26650f69bc445d71e4f2c55328676d10a4be43
github.com/gabrielcsapo/node-git-server/pull/62
snyk.io/vuln/SNYK-JS-NODEGITSERVER-474343
www.npmjs.com/advisories/1214

Detect and mitigate GMS-2020-405 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →