CVE-2020-27348: Uncontrolled Search Path Element
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar.
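One way the current directory ends up on the search path is an empty element: the glibc loader treats a zero-length entry in LD_LIBRARY_PATH (leading colon, trailing colon, or "::") as the current working directory. The shell sketch below is an added example, not snapcraft's code or part of the advisory; the function names and the /opt/demo paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an LD_LIBRARY_PATH-style value for entries that are
# resolved relative to the current working directory.

# unsafe_entries VALUE
# Prints one line per risky entry. Returns 0 if every entry is an absolute
# path (or VALUE is empty, in which case nothing extra is searched), else 1.
unsafe_entries() {
    value=$1
    [ -z "$value" ] && return 0
    status=0
    idx=0
    rest="$value:"          # sentinel colon so the last element is visited too
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        idx=$((idx + 1))
        case $entry in
            '') echo "entry $idx: empty element (current directory)"; status=1 ;;
            /*) ;;          # absolute path: not affected by the working directory
            *)  echo "entry $idx: relative path '$entry'"; status=1 ;;
        esac
    done
    return $status
}

# prepend_dir DIR CURRENT
# Builds "DIR:CURRENT" but emits no colon at all when CURRENT is empty,
# so an unset variable cannot leave a trailing empty element behind.
prepend_dir() {
    printf '%s%s\n' "$1" "${2:+:$2}"
}

# Constructed demonstration: the caller's LD_LIBRARY_PATH is empty.
inherited=""
naive="/opt/demo/lib:$inherited"                  # ends in ':' -> empty element
fixed=$(prepend_dir /opt/demo/lib "$inherited")   # no trailing colon

echo "naive: $naive"
unsafe_entries "$naive" || true
echo "fixed: $fixed"
unsafe_entries "$fixed" && echo "no working-directory entries"
```

Running `unsafe_entries "$LD_LIBRARY_PATH"` inside a wrapper or launch script gives a quick pass/fail signal before the application starts.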