CyberSec.Space Logo
Back to CVE Browser

CVE-2019-5485

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile22.03th
PublishedSep 13, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.

Affected Platforms (CPE)

πŸ“¦
Gitlabhook Project

Gitlabhook

= 0.0.17

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
πŸ”— https://hackerone.com/reports/685447
πŸ”— http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
πŸ”— https://hackerone.com/reports/685447

Related Vulnerabilities

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...