GMS-2016-37: Potential Command Injection

June 21, 2016

The module does not properly escape “>” and “<” operator used for redirection in shell. Application escaping command-line args with this module might be vulnerable from malicious user input.

References

github.com/substack/node-shell-quote/commit/70e9eb2a854eb56a3dfa255be12610a722bbe080
github.com/substack/node-shell-quote/commit/ace52f4c8717b370b301a3db3a4727db26e309ad

Code Behaviors & Features

Detect and mitigate GMS-2016-37 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →