CVE-2020-1147: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
(updated )
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka ‘.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability’.
References
- packetstormsecurity.com/files/158694/SharePoint-DataSet-DataTable-Deserialization.html
- packetstormsecurity.com/files/158876/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
- packetstormsecurity.com/files/163644/Microsoft-SharePoint-Server-2019-Remote-Code-Execution.html
- github.com/advisories/GHSA-g5vf-38cp-4px9
- github.com/dotnet/announcements/issues/159
- nvd.nist.gov/vuln/detail/CVE-2020-1147
- portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1147
- www.exploitalert.com/view-details.html?id=35992
Code Behaviors & Features
Detect and mitigate CVE-2020-1147 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →