CyberSec.Space Logo
CVEブラウザに戻る

CVE-2019-5485

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile22.03th
Published2019年9月13日
Last Modified2024年11月21日

Vulnerability Description

NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.

Affected Platforms (CPE)

📦
Gitlabhook Project

Gitlabhook

= 0.0.17

References & Advisories

🔗 http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
🔗 https://hackerone.com/reports/685447
🔗 http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
🔗 https://hackerone.com/reports/685447

関連する脆弱性情報

CVE-2019-1068610.0

An SSRF vulnerability was found in an API from Ctrip Apollo through 1.4.0-SNAPSHOT. An attacker may use it to do an intranet port ...

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-760910.0

Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. An attacker with acce...