CVE-2022-0841: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

March 3, 2022 (updated March 9, 2022)

OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.

References

github.com/advisories/GHSA-cr6m-62pq-hmqh
github.com/ljharb/npm-lockfile/commit/bfdb84813260f0edbf759f2fde1e8c816c1478b8
huntr.dev/bounties/4f806dc9-2ecd-4e79-997e-5292f1bea9f1
nvd.nist.gov/vuln/detail/CVE-2022-0841

Code Behaviors & Features

Detect and mitigate CVE-2022-0841 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →