GMS-2016-75: OS command injection

October 21, 2016

Parsing a file with a malicious name leads to arbitrary OS command injection, this is especially risky when parsing user-supplied files on a server (e.g. uploaded files).

References

seclists.org/oss-sec/2016/q4/203
github.com/deanmalmgren/textract/pull/114

Code Behaviors & Features

Detect and mitigate GMS-2016-75 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →