CVE-2023-36458: Improper Neutralization of Special Elements used in a Command ('Command Injection')

July 5, 2023 (updated July 7, 2023)

1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.3.6, an authenticated attacker can craft a malicious payloads to achieve command injection when entering the container terminal. The vulnerability has been fixed in v1.3.6.

References

github.com/1Panel-dev/1Panel/releases/tag/v1.3.6
github.com/1Panel-dev/1Panel/security/advisories/GHSA-7x2c-fgx6-xf9h
github.com/advisories/GHSA-7x2c-fgx6-xf9h
nvd.nist.gov/vuln/detail/CVE-2023-36458

Code Behaviors & Features

Detect and mitigate CVE-2023-36458 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →