CVE-2014-5002: Command injection vulnerability

January 10, 2018 (updated May 6, 2019)

The file /lib/lynx/pipe/get.rb does not properly sanitize user input before sending to command line. It may allow a remote attacker to execute arbitrary commands.

References

www.vapid.dhs.org/advisories/lynx-0.2.0.html

Code Behaviors & Features

Detect and mitigate CVE-2014-5002 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →