CVE-2015-4130: Command Injection

January 22, 2015

Due to the use of child_process.exec when executing git commands, ungit allows for commands to be injectied from user input fields that end up in an executed git command.

References

github.com/FredrikNoren/ungit/issues/486

Code Behaviors & Features

Detect and mitigate CVE-2015-4130 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →