CVE-2021-32673: Improper Control of Generation of Code ('Code Injection')
(updated )
reg-keygen-git-hash-plugin is a reg-suit plugin to detect the snapshot key to be compare with using Git commit hash. reg-keygen-git-hash-plugin through and including allow remote attackers to execute of arbitrary commands. Upgrade to or later to resolve this issue.
References
- github.com/advisories/GHSA-49q3-8867-5wmp
- github.com/reg-viz/reg-suit/commit/f84ad9c7a22144d6c147dc175c52756c0f444d87
- github.com/reg-viz/reg-suit/releases/tag/v0.10.16
- github.com/reg-viz/reg-suit/security/advisories/GHSA-49q3-8867-5wmp
- nvd.nist.gov/vuln/detail/CVE-2021-32673
- www.npmjs.com/package/reg-keygen-git-hash-plugin
Detect and mitigate CVE-2021-32673 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →