GMS-2020-764: Reflected Cross-Site Scripting in redis-commander

September 1, 2020 (updated March 4, 2022)

Affected versions of redis-commander contain a cross-site scripting vulnerability in the highlighterId paramter of the clipboard.swf component on hosts serving Redis Commander.

References

github.com/advisories/GHSA-8c8c-4vfj-rrpc
hackerone.com/reports/296377
www.npmjs.com/advisories/562

Code Behaviors & Features

Detect and mitigate GMS-2020-764 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →