GMS-2015-28: Remote Code Execution using maliciously forged file

September 16, 2015

A maliciously forged file opened for editing can execute javascript, specifically by being redirected to /files/ due to a failure to treat the file as plain text.

References

github.com/ipython/ipython/commit/0a8096adf165e2465550bd5893d7e352544e5967

Detect and mitigate GMS-2015-28 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →