CVE-2022-38545: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

September 19, 2022 (updated September 22, 2022)

Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.

References

github.com/advisories/GHSA-mcvg-g9wx-v5vx
github.com/xCss/Valine/commit/c40826c5816c98d797a6b1ed8b62bddf73ed4f65
github.com/xCss/Valine/issues/400
github.com/xCss/Valine/releases/tag/v1.5.0
nvd.nist.gov/vuln/detail/CVE-2022-38545

Code Behaviors & Features

Detect and mitigate CVE-2022-38545 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →