Lucene search

Command Injection in gitlabhook

🗓️ 16 Sep 2019 22:02:24Reported by GitHub Advisory DatabaseType

Command Injection vulnerability in gitlabhook. Unvalidated POST request body input is concatenated to an exec call, enabling execution of arbitrary commands

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 12
Cvelist	CVE-2019-5485	13 Sep 201917:30	–	cvelist
OSV	GHSA-549F-73HH-MJ38 Command Injection in gitlabhook	16 Sep 201922:24	–	osv
CVE	CVE-2019-5485	13 Sep 201918:15	–	cve
NVD	CVE-2019-5485	13 Sep 201918:15	–	nvd
0day.today	NPMJS gitlabhook 0.0.17 - (repository) Remote Command Execution Exploit	26 Sep 201900:00	–	zdt
Node.js	Command Injection	17 Sep 201920:56	–	nodejs
Veracode	OS Command Injection	16 Sep 201901:31	–	veracode
exploitpack	NPMJS gitlabhook 0.0.17 - repository Remote Command Execution	25 Sep 201900:00	–	exploitpack
Prion	Command injection	13 Sep 201918:15	–	prion
Packet Storm	NPMJS gitlabhook 0.0.17 Remote Command Execution	25 Sep 201900:00	–	packetstorm

Vulners

Node

gitlabhook_project gitlabhookRange≤0.0.17

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-5485
hackerone	www.hackerone.com/reports/685447
packetstormsecurity	www.packetstormsecurity.com/files/154598/NPMJS-gitlabhook-0.0.17-Remote-Command-Execution.html
github	www.github.com/advisories/GHSA-549f-73hh-mj38

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

16 Sep 2019 22:24Current

7High risk

Vulners AI Score7

CVSS210

CVSS310

EPSS0.49491

CWE-78