CVE-2019-10802: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

April 13, 2021

giting allows execution of arbritary commands. The first argument “repo” of function “pull()” is executed by the package without any validation.

References

github.com/MangoRaft/git/commit/9be41081f547d3dcef25e7d7c957bc2a3be2dfe0
github.com/advisories/GHSA-53xj-v576-3ch2
nvd.nist.gov/vuln/detail/CVE-2019-10802
snyk.io/vuln/SNYK-JS-GITING-559008

Code Behaviors & Features

Detect and mitigate CVE-2019-10802 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →