CVE-2023-49210: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
(updated )
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as “a nonsense wrapper with no real purpose” by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
References
Detect and mitigate CVE-2023-49210 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →