CVE-2021-34081: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

June 3, 2022

OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository.

References

advisory.checkmarx.net/advisory/CX-2021-4780
github.com/advisories/GHSA-9v73-x562-wv5x
nvd.nist.gov/vuln/detail/CVE-2021-34081
www.npmjs.com/package/gitsome

Code Behaviors & Features

Detect and mitigate CVE-2021-34081 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →