CVE-2020-7621: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

February 10, 2022

strong-nginx-controller is vulnerable to Command Injection. It allows execution of arbitrary command as part of the ‘_nginxCmd()’ function.

References

github.com/advisories/GHSA-4v9w-pvwr-38h3
github.com/strongloop/strong-nginx-controller/blob/master/lib/server.js
nvd.nist.gov/vuln/detail/CVE-2020-7621
snyk.io/vuln/SNYK-JS-STRONGNGINXCONTROLLER-564248

Code Behaviors & Features

Detect and mitigate CVE-2020-7621 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →