CVE-2020-11977: OS Command Injection

September 15, 2020 (updated September 24, 2020)

In Apache Syncope, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution.

References

nvd.nist.gov/vuln/detail/CVE-2020-11977

Code Behaviors & Features

Detect and mitigate CVE-2020-11977 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →