5 matches found
NPMJS gitlabhook 0.0.17 - (repository) Remote Command Execution Exploit
NPMJS gitlabhook version 0.0.17 suffers from a remote command execution vulnerability. Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali...
NPMJS gitlabhook 0.0.17 Remote Command Execution
Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2, Windows 10. CVE : CVE-2019-5485 !/usr/bin/python import...
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2...
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2, Windows 10. CVE : CVE-2019-5485 !/usr/bin/python import...
CVE-2019-5485
The CVE-2019-5485 issue affects the npm package gitlabhook v0.0.17, where the repository.name field in a POST body is concatenated into an exec call without sanitization, enabling remote code execution. Exploit examples in connected data show an attacker can inject commands (e.g., creating /tmp/p...