OSVDB-108594: Command injection vulnerability

June 30, 2014

The file /lib/cmd_parse.rb contains a flaw that is triggered when handling shell metacharacters passed via the ‘ip’ variable. This may allow a remote attacker to inject arbitrary commands.

References

www.vapid.dhs.org/advisories/gnms-2.1.1.html

Code Behaviors & Features

Detect and mitigate OSVDB-108594 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →