GMS-2017-185: Command Injection

August 29, 2017

The fs-git module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection across all methods that use it and call exec.

References

github.com/vvakame/fs-git/commit/eb5f70efa5cfbff1ab299fa7daaa5de549243998

Code Behaviors & Features

Detect and mitigate GMS-2017-185 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →