CVE-2021-40720: Ops CLI Deserialization of Untrusted Data vulnerability
(updated )
Ops CLI version 2.0.4 (and earlier) is affected by a Deserialization of Untrusted Data vulnerability to achieve arbitrary code execution when the checkout_repo
function is called on a maliciously crafted file. An attacker can leverage this to execute arbitrary code on the victim machine.
References
Detect and mitigate CVE-2021-40720 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →