18 matches found
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name...
Malicious code in gitlabhook (npm)
Source: ghsa-malware 07cc248a040f88d3052194678254b7bc9be0a2f3f9dda89ed16981c2c86510ee. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-476 Malicious code in gitlabhook (npm)
Source: ghsa-malware 07cc248a040f88d3052194678254b7bc9be0a2f3f9dda89ed16981c2c86510ee. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
NPMJS gitlabhook 0.0.17 - (repository) Remote Command Execution Exploit
NPMJS gitlabhook version 0.0.17 suffers from a remote command execution vulnerability. Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali...
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2...
NPMJS gitlabhook 0.0.17 Remote Command Execution
Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2, Windows 10. CVE: CVE-2019-5485 #!/usr/bin/python import...
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2, Windows 10. CVE: CVE-2019-5485 #!/usr/bin/python import...
Command Injection
Overview: All versions of gitlabhook are vulnerable to Command Injection. The package does not validate input in the body of the POST request and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation: No fix is currently available. Consider using an...
Command Injection in gitlabhook
All versions of gitlabhook are vulnerable to Command Injection. The package does not validate input in the body of the POST request and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation: No fix is currently available. Consider using an alternative...
GHSA-549F-73HH-MJ38 Command Injection in gitlabhook
All versions of gitlabhook are vulnerable to Command Injection. The package does not validate input in the body of the POST request and concatenates it to an exec call, allowing attackers to run arbitrary commands in the system. Recommendation: No fix is currently available. Consider using an alternative...
OS Command Injection
gitlabhook is vulnerable to OS Command Injection. The vulnerability exists as it does not sanitize the values of the user input passed into execFile...
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name...
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name...
Command injection
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name...
CVE-2019-5485
The CVE-2019-5485 issue affects the npm package gitlabhook v0.0.17, where the repository.name field in a POST body is concatenated into an exec call without sanitization, enabling remote code execution. Exploit examples in connected data show an attacker can inject commands (e.g., creating /tmp/p...
CVE-2019-5485
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name...
PT-2019-17703 · Gitlab · Gitlabhook
Name of the Vulnerable Software and Affected Versions: gitlabhook versions 0.0.17 and earlier; gitlabhook all versions. Description: The issue concerns a Command Injection vulnerability. It allows arbitrary commands to be injected through the repository name. The package does not validate input in...
Node.js third-party modules: gitlabhook OS Command Injection
I would like to report OS Command Injection in gitlabhook. It allows execution of arbitrary code on the remote server that waits for instructions from gitlab. Module: module name: gitlabhook; version: 0.0.17; npm page: https://www.npmjs.com/package/gitlabhook. Module Description: This is an easy to u...