CVE-2013-1933: Remote Command Injection

April 25, 2013 (updated August 28, 2017)

User supplied input isn’t sanitized against shell metacharacters and is fed directly to the shell. If the user is tricked into extracting a file with shell characters, arbitrary code can be executed remotely.

References

vapid.dhs.org/advisories/karteek-docsplit-cmd-inject.html

Code Behaviors & Features

Detect and mitigate CVE-2013-1933 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →