gitlabhook 0.0.1-security

1 security vulnerability found in version 0.0.1-security

Command Injection in gitlabhook

critical severity CVE-2019-5485
Affected versions: <= 0.0.17

All versions of gitlabhook are vulnerable to Command Injection. The package does not validate input from the body of a POST request and concatenates it into an exec call, allowing attackers to run arbitrary commands on the system.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

npm package version without a license.


Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.

This package version is available.


This package version has not been yanked and is still available for usage.