mirror of
https://github.com/0xMarcio/cve.git
synced 2026-02-12 22:53:11 +00:00
762 B
762 B
CVE-2019-5485
&color=brightgreen)
Description
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
POC
Reference
- http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
- https://hackerone.com/reports/685447
Github
No PoCs found on GitHub currently.