CVE-2019-10800: Codecov prior to 2.0.16 does not sanitize gcov arguments
(updated )
This affects the package codecov before 2.0.16. The vulnerability occurs due to not sanitizing gcov arguments before being being provided to the popen method.
References
Detect and mitigate CVE-2019-10800 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →