CVE-2019-19609: Improper Input Validation

December 5, 2019 (updated December 18, 2019)

The Strapi framework is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.

References

nvd.nist.gov/vuln/detail/CVE-2019-19609

Code Behaviors & Features

Detect and mitigate CVE-2019-19609 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →