CVE-2019-10796: Injection Vulnerability

February 24, 2020 (updated February 26, 2020)

rpi allows execution of arbitrary commands. The variable pinNumber in function GPIO within src/lib/gpio.js is used as part of the arguments to the exec function without any sanitization.

References

nvd.nist.gov/vuln/detail/CVE-2019-10796

Detect and mitigate CVE-2019-10796 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →