CVE-2020-15271: OS Command Injection
In lookatme, the package automatically loaded the built-in terminal and file_loader extensions. As a workaround, the lookatme/contrib/terminal.py and lookatme/contrib/file_loader.py files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme.
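One way to check for and apply the workaround above, as an added example that is not part of the advisory or the lookatme project. The helper names and the `--remove` switch are hypothetical; only the two file names come from the advisory.

```python
"""Check an installed lookatme for the auto-loaded contrib extension files."""
import importlib.util
import sys
from pathlib import Path

# File names taken from the advisory's workaround.
CONTRIB_FILES = ("terminal.py", "file_loader.py")


def find_package_dir(name="lookatme"):
    """Locate the package on disk without importing (and so without running) it."""
    try:
        spec = importlib.util.find_spec(name)
    except (ImportError, ValueError):
        return None
    if spec is None or not spec.submodule_search_locations:
        return None
    return Path(next(iter(spec.submodule_search_locations)))


def present_extensions(package_dir):
    """Return the contrib extension files that still exist under package_dir."""
    contrib = Path(package_dir) / "contrib"
    return [contrib / f for f in CONTRIB_FILES if (contrib / f).is_file()]


def apply_workaround(package_dir, dry_run=True):
    """Delete the extension files; return what was (or would be) removed."""
    found = present_extensions(package_dir)
    if not dry_run:
        for path in found:
            path.unlink()
    return found


if __name__ == "__main__":
    pkg = find_package_dir()
    if pkg is None:
        print("lookatme is not installed in this environment")
        sys.exit(0)
    remove = "--remove" in sys.argv[1:]  # hypothetical switch for this script
    hits = apply_workaround(pkg, dry_run=not remove)
    for path in hits:
        print(("removed: " if remove else "present: ") + str(path))
    # Non-zero exit while the files remain, so the check can gate a CI job.
    sys.exit(1 if hits and not remove else 0)
```

Run it with the interpreter of each environment where lookatme is installed, since every virtualenv carries its own copy of the package.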