CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-5485

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0320%
EPSS Percentile22.03th
Published2019年9月13日
Last Modified2024年11月21日

Vulnerability Description

NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.

Affected Platforms (CPE)

📦
Gitlabhook Project

Gitlabhook

= 0.0.17

References & Advisories

🔗 http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
🔗 https://hackerone.com/reports/685447
🔗 http://packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
🔗 https://hackerone.com/reports/685447

相關漏洞威脅

CVE-2019-002210.0

Juniper ATP ships with hard coded credentials in the Cyphort Core instance which gives an attacker the ability to take full contro...

CVE-2019-1151010.0

In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated rem...

CVE-2019-002010.0

Juniper ATP ships with hard coded credentials in the Web Collector instance which gives an attacker the ability to take full contr...

CVE-2019-186710.0

A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypa...